Data Structure
Networking
RDBMS
Operating System
Java
MS Excel
iOS
HTML
CSS
Android
Python
C Programming
C++
C#
MongoDB
MySQL
Javascript
PHP
Physics
Chemistry
Biology
Mathematics
English
Economics
Psychology
Social Studies
Fashion Studies
Legal Studies
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
Restricting MySQL Connections to Secure Transport
MySQL will make secure connections easier when it has streamlined key generation for both MySQL Community and MySQL Enterprise. This way, the security is improved by expanding support for TLSv1.1 and TLSv1.2. This also helps administrators determine if clients are connecting securely or not with enhanced visibility into connection types.
Extending this importance on secure connections, MySQL server introduced a new server-side configuration option that allows MySQL administrators to restrict connections to clients who use secure transport. When we say about the connection needing secure transport, the first question that needs to be addressed is the kind of transport it uses.
Secure Transports
Let us see the kinds of transport that are considered secure −
SSL/TLS
Socket
Shared Memory
In particular, connections on Windows machines that use the named pipe transport are not considered to be secure. These connections are usually made locally, and named pipe connections can be made remotely. But they also lack data encryption that would protect payloads which are sent over the wire.
The - -require_secure_transport configuration option was newly added. Here, the boolean option default is OFF. This means that connections that use any of the above mentioned supported
protocols are accepted, if they are consistent with legacy behaviour. Setting -- require_secure_transport=ON makes the server reject new connections which don’t use one of the connection types shown above.
Insecure Connection
Clients that are rejected due to insecure connections would receive the below mentioned error −
Example
D:\mysql-advanced-5.7.10-winx64>bin\mysql -uroot -P3310 --skip-ssl
Output
ERROR 3159 (HY000): Connections using insecure transport are prohibited while --require_secure_transport=ON.
Example
D:\mysql-advanced-5.7.10-winx64>bin\mysql -uroot -P3310 --skip-ssl
Output
ERROR 3159 (HY000): Connections using insecure transport are prohibited while --require_secure_transport=ON.
Interaction with account-level requirements
MySQL also supports requiring TLS for specific accounts. This is done by including the REQUIRE SSL clause in CREATE or ALTER USER commands. The new --require_secure_transport option will add these account-level requirements by enforcing secure transport at a global level.
507 Views
