TransWikia.com

Is my connection using SSL or not?

Database Administrators Asked by IGGt on December 28, 2021

I have two MySQL 5.7 databases ([db1] 5.7.27 and [db2] 5.7.29)

(n.b. db1 is Linux, db2 is Windows)

I have created a basic user on db1:

CREATE USER 'ssltest'@'%' IDENTIFIED BY 'ssltest';
GRANT ALL ON *.* TO 'ssltest'@'%' REQUIRE SSL;

I now connect from db2 to db1:

mysql -h1.2.3.4 -P3306 -ussltest -pssltest

And check the connection:

mysql> show session status like 'ssl_version';
+---------------+---------+
| Variable_name | Value   | 
+---------------+---------+
| Ssl_version   | TLSv1.1 |
+---------------+---------+

mysql> show session status like 'ssl_cipher';
+---------------+--------------------+
| Variable_name | Value              |
+---------------+--------------------+
| Ssl_cipher    | DHE-RSA-AES256-SHA |
+---------------+--------------------+

So, this suggests that my connection is indeed using SSL.

However, if I log onto db1 and run:

SELECT 
  sbt.variable_value AS tls_version,  
  t2.variable_value AS cipher, 
  processlist_user AS user, 
  processlist_host AS host 
FROM performance_schema.status_by_thread  AS sbt 
JOIN performance_schema.threads AS t ON t.thread_id = sbt.thread_id 
JOIN performance_schema.status_by_thread AS t2 ON t2.thread_id = t.thread_id 
WHERE sbt.variable_name = 'Ssl_version' 
and t2.variable_name = 'Ssl_cipher' 
ORDER BY tls_version;

I get no results, suggesting that it is not using SSL.

(n.b. If I look in the processlist I can see my connection, so it is definitely connected, and the performance-schema is enabled)

So which one is telling the truth. db1 which is receiving the connection or db2 which is initiating the connection?

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP