I've blogged before about how complicated setting
up SSL with MySQL can be. Since then many bugs have been fixed
related to SSL.
But still many people are using unencrypted connections for
replication and client connections.
This could be because of possible performance degradation. But
then it could be used for only the admin connections.
It could also be because they already use SSH or VPN.
But for many it's because they think it's complicated. This is
not necessary. I've created mysslgen
which makes it easier to setup SSL. Just run mysslgen.py and then
the CA, server and client certificates and keys will be generated
for you. The most difficult part it to get python 3.3 or python
2.7 to run on CentOS/RHEL/OEL 6.
If you think SSL should be part of the default MySQL
installation, then click the 'Affects me' button for Bug
#70734.
During the creation of mysslgen I found out MySQL fails to load
private keys if they are in PKCS#8 format (Bug
#71271). So, be careful if you create the private keys
yourself!
With SSL enabled it should be easier to grant users the
permission to use MySQL for Excel, MySQL with LibreOffice or any
other desktop tool with a MySQL feature.
Jan
02
2014