List:General Discussion« Previous MessageNext Message »
From:Shawn Green (MySQL) Date:August 11 2010 6:23pm
Subject:Re: How to use SSL? (SSL is enabled but not used)
View as plain text  
On 8/9/2010 5:27 PM, Yves Goergen wrote:
> Does anybody know how to use SSL-secured connections to a MySQL server?
> Has anybody done that at all?
> 
> In the manual I have now found the following statement:
> 
> http://dev.mysql.com/doc/refman/5.1/en/ssl-options.html
>> Note that use of --ssl does not require an SSL connection. For
>> example, if the server or client is compiled without SSL support, a
>> normal unencrypted connection is used.
> 
> What's that supposed to mean? If there's no way to force the connection
> into SSL, it is entirely useless. Anyone on the wire could simply
> pretend that the server doesn't support SSL and so deny the encryption
> and the client wouldn't even care...
> 
> I don't want to use REQUIRE SSL for an account that is regularly used
> locally and doesn't need SSL. SSL should really be selected by the
> client per connection when connecting from some other untrusted network.
> The whole SSL thing looks pretty unfinished like that.
> 

If you don't want to require SSL on the local connections then don't set 
the flag on the @localhost account.

If you want the SSL required on the other connections, then set it on 
the @'...' version of the account that the remote users login through.

All MySQL accounts are tripartate. They consist of: 1) a login (user), 
2) a host designation (or wildcard pattern), and 3) a password. Use that 
host portion of the account to make the distinction between local and 
remote logins.

More about how the MySQL authentication works is available in the manual:
http://dev.mysql.com/doc/refman/5.1/en/user-account-management.html

-- 
Shawn Green
MySQL Principal Technical Support Engineer
Oracle USA, Inc.
Office: Blountville, TN
Thread
How to use SSL? (SSL is enabled but not used)Yves Goergen26 Jul
  • Re: How to use SSL? (SSL is enabled but not used)Yves Goergen9 Aug
    • Re: How to use SSL? (SSL is enabled but not used)MySQL)11 Aug
      • Re: How to use SSL? (SSL is enabled but not used)Anders Kaseorg18 Aug
        • Re: How to use SSL? (SSL is enabled but not used)Yves Goergen18 Aug
          • Re: How to use SSL? (SSL is enabled but not used)Anders Kaseorg18 Aug
          • Re: How to use SSL? (SSL is enabled but not used)MySQL)18 Aug
        • Re: How to use SSL? (SSL is enabled but not used)MySQL)18 Aug
          • Re: How to use SSL? (SSL is enabled but not used)Anders Kaseorg18 Aug
            • Re: How to use SSL? (SSL is enabled but not used)MySQL)18 Aug
              • Re: How to use SSL? (SSL is enabled but not used)Mark Matthews18 Aug
                • Re: How to use SSL? (SSL is enabled but not used)Yves Goergen18 Aug