Topic: Configure TCP/IP with SSL and TLS for Database Connections
Why do we need to configure a TLS connection in any database?
For more secure connections, you can enable Transport Layer Security (TLS) support on the MySQL server and configure your clients to establish encrypted connections.
Deployment Diagram:
In this QuickStart, we learn:
· Stop the MySQL service
· Set the ssl=on in the MySQL config file my.cnf
· Start the MySQL Service
· Validate the SSL mode
· Check the connection status
Step-1 Stop the MySQL service
[root@node01 ~]# systemctl status mysqld
[root@node01 ~]# systemctl stop mysqld
[root@node01 ~]# systemctl status mysqld
Step-2 Set ssl=on and the cipher in the MySQL config file my.cnf
[root@node01 ~]# cat /etc/my.cnf | grep -i ssl
ssl=on
[mysql@node01 ~]$ cat /etc/my.cnf | grep -i Cipher
tls_ciphersuites=TLS_AES_256_GCM_SHA384
[mysql@node01 ~]$
Step-3 Start the MySQL Service
[root@node01 ~]# systemctl start mysqld
[root@node01 ~]# systemctl status mysqld
Step-4 Validate the SSL mode
[mysql@node01 ~]$ mysql -u root -p
mysql> show global variables like 'have_%ssl';
mysql> SHOW GLOBAL VARIABLES LIKE 'tls_version';
Step-5 Check the connection status
- Using the MySQL command line
[mysql@node01 ~]$ mysql -u test04 -p --protocol=TCP
mysql> status;
- MySQL connection validation using MySQL Workbench
SELECT
t.THREAD_ID,
t.PROCESSLIST_USER,
t.PROCESSLIST_HOST,
t.CONNECTION_TYPE,
sbt.VARIABLE_VALUE AS cipher
FROM
performance_schema.threads t
LEFT JOIN
performance_schema.status_by_thread sbt
ON
(t.THREAD_ID = sbt.THREAD_ID AND sbt.VARIABLE_NAME = 'Ssl_cipher')
WHERE
t.PROCESSLIST_USER IS NOT NULL;
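An added example, not part of the original post: a shell function that reads the tab-separated rows of the query above (for instance as printed by the mysql client with --batch) and flags plaintext TCP connections and TLS sessions whose cipher differs from the tls_ciphersuites value set in Step-2. The function names and the sample users and hosts are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the rows returned by the performance_schema query above.
# Input on stdin: tab-separated rows with a header line, columns in query order:
#   THREAD_ID  PROCESSLIST_USER  PROCESSLIST_HOST  CONNECTION_TYPE  cipher
# EXPECTED_CIPHER is the tls_ciphersuites value from my.cnf in Step-2.
EXPECTED_CIPHER="TLS_AES_256_GCM_SHA384"

# Prints one line per finding; returns 1 if anything was flagged, 0 otherwise.
audit_connections() {
    awk -F '\t' -v want="$EXPECTED_CIPHER" '
        NR == 1 { next }                        # header row
        $4 == "SSL/TLS" && $5 == want { next }  # encrypted, expected suite
        $4 == "SSL/TLS" {
            # tls_ciphersuites only governs TLSv1.3; a TLSv1.2 session
            # negotiates from ssl_cipher and shows a different name here.
            printf "UNEXPECTED_CIPHER\t%s@%s\t%s\n", $2, $3, $5
            found = 1; next
        }
        $4 == "TCP/IP" {                        # network connection, no TLS
            printf "PLAINTEXT\t%s@%s\n", $2, $3
            found = 1; next
        }
        # Socket and NULL rows (local clients, internal threads) are skipped.
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample rows for illustration (not real server output).
sample_rows() {
    printf 'THREAD_ID\tPROCESSLIST_USER\tPROCESSLIST_HOST\tCONNECTION_TYPE\tcipher\n'
    printf '44\tevent_scheduler\tlocalhost\tNULL\tNULL\n'
    printf '51\troot\tlocalhost\tSocket\t\n'
    printf '52\ttest04\tlocalhost\tSSL/TLS\tTLS_AES_256_GCM_SHA384\n'
    printf '53\tapp01\t10.0.0.15\tTCP/IP\t\n'
    printf '54\treport\t10.0.0.16\tSSL/TLS\tECDHE-RSA-AES128-GCM-SHA256\n'
}

sample_rows | audit_connections || echo "findings listed above"
```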