Friday, 29 August 2025

Configure TCP/IP with SSL and TLS for Database Connections


 

Why do we need to configure a TLS connection for a database?

For more secure connections, you can enable Transport Layer Security (TLS) support on the MySQL server and configure your clients to establish encrypted connections.

 

Deployment Diagram:

In this QuickStart, we learn how to:

· Stop the MySQL service

· Set ssl=on in the MySQL config file my.cnf

· Start the MySQL service

· Validate the SSL mode

· Check the connection status

 

Step-1 Stop the MySQL service

[root@node01 ~]# systemctl status mysqld

[root@node01 ~]# systemctl stop mysqld

[root@node01 ~]# systemctl status mysqld

 

 

Step-2 Set ssl=on and the cipher in the MySQL config file my.cnf

[root@node01 ~]# cat /etc/my.cnf | grep -i ssl

ssl=on

[mysql@node01 ~]$ cat /etc/my.cnf | grep -i Cipher

tls_ciphersuites=TLS_AES_256_GCM_SHA384

[mysql@node01 ~]$

 

Step-3 Start the MySQL service

 

[root@node01 ~]# systemctl start mysqld

[root@node01 ~]# systemctl status mysqld

 

 

Step-4 Validate the SSL mode

 

[mysql@node01 ~]$ mysql -u root -p

mysql> show global variables like 'have_%ssl';

mysql> SHOW GLOBAL VARIABLES LIKE 'tls_version';

 

 

Step-5 Check the connection status

 

-   Using the MySQL command line

 

[mysql@node01 ~]$ mysql -u test04 -p --protocol=TCP

mysql> status;

 

-   MySQL connection validation using MySQL Workbench

 

SELECT
    t.THREAD_ID,
    t.PROCESSLIST_USER,
    t.PROCESSLIST_HOST,
    t.CONNECTION_TYPE,
    sbt.VARIABLE_VALUE AS cipher
FROM
    performance_schema.threads t
LEFT JOIN
    performance_schema.status_by_thread sbt
    ON (t.THREAD_ID = sbt.THREAD_ID AND sbt.VARIABLE_NAME = 'Ssl_cipher')
WHERE
    t.PROCESSLIST_USER IS NOT NULL;
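
Added example (not part of the original post): a shell function that reads the rows of the query above, as exported by the mysql client with --batch --skip-column-names, and labels each session so that TCP sessions without TLS and TLS sessions using a cipher other than the Step-2 suite stand out. The function names, verdict labels and sample rows are constructed for illustration.

```shell
#!/bin/sh
# Usage (assumed invocation): mysql --batch --skip-column-names -e "<query>" | audit_connections
# Suite configured through tls_ciphersuites in Step-2 of the post.
EXPECTED_CIPHER="TLS_AES_256_GCM_SHA384"

# Constructed sample rows (not real output). Tab-separated columns:
# THREAD_ID, PROCESSLIST_USER, PROCESSLIST_HOST, CONNECTION_TYPE, cipher
sample_rows() {
    printf '41\troot\tlocalhost\tSocket\t\n'
    printf '42\ttest04\tnode01\tSSL/TLS\tTLS_AES_256_GCM_SHA384\n'
    printf '43\ttest04\t10.0.0.15\tTCP/IP\t\n'
    printf '44\tapp\t10.0.0.16\tSSL/TLS\tECDHE-RSA-AES128-GCM-SHA256\n'
    printf '45\tevent_scheduler\tlocalhost\tNULL\tNULL\n'
}

# Reads query rows on stdin and prints: verdict, user@host, type, cipher.
audit_connections() {
    awk -F '\t' -v want="$EXPECTED_CIPHER" '
    {
        user = $2; host = $3; type = $4; cipher = $5
        # The batch client prints SQL NULL as the literal string NULL.
        if (type == "NULL") type = ""
        if (cipher == "NULL") cipher = ""
        if (type == "")                               verdict = "INTERNAL"
        else if (type == "SSL/TLS" && cipher == want) verdict = "ENCRYPTED"
        else if (type == "SSL/TLS")                   verdict = "OTHER_CIPHER"
        else if (type == "TCP/IP")                    verdict = "PLAINTEXT"
        else                                          verdict = "LOCAL"
        printf "%s\t%s@%s\t%s\t%s\n", verdict, user, host,
            (type == "" ? "-" : type), (cipher == "" ? "-" : cipher)
    }'
}

# Number of sessions that travel over TCP without TLS.
count_plaintext() {
    audit_connections | awk -F '\t' '$1 == "PLAINTEXT" { n++ } END { print n + 0 }'
}
```

A PLAINTEXT row means the client connected over TCP without negotiating TLS. An OTHER_CIPHER row means TLS is in use but not with the suite set in tls_ciphersuites, which applies to TLS 1.3 only.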

 

