[RADIATOR] MySQL and SSL
Heikki Vatiainen
hvn at open.com.au
Thu Mar 21 20:39:19 UTC 2019
On 21/03/2019 9.11, Tuure Vartiainen wrote:
> Yes, you can configure SSL to be used by adding ‘mysql_ssl=1’ to DBSource, e.g.
>
> DBSource dbi:mysql:database=<database>;host=<hostname>;mysql_ssl=1;mysql_ssl_ca_file=/path/to/ca_cert.pem
>
> Ref: https://metacpan.org/pod/DBD::mysql#Class-Methods

While the manual above is correct, there's one additional thing Tuure
and I think needs to be considered when enabling SSL/TLS: The exact
behaviour depends on the software version you have. Recent versions of
DBD::mysql enforce SSL/TLS when mysql_ssl is set to 1. Older versions
downgrade to plain text connections.

In other words, you need to be careful to check that it really uses an
encrypted connection.

Here's more information from Red Hat with further links to more information:
https://access.redhat.com/security/cve/cve-2017-10789

Thanks,
Heikki

--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
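
Added example, not part of the original message or of Radiator: one way to check that a connection made with the DBSource options above is really encrypted is to open it with the same DBI DSN and ask the server for the session's negotiated cipher. The environment variable names DB_DSN, DB_USER and DB_PASS are assumptions made for this sketch; the DSN default repeats the placeholders from the quoted message.

```perl
#!/usr/bin/perl
# Added example: verify that DBD::mysql negotiated TLS for this session.
# Run it on the Radiator host so the same DBI/DBD::mysql versions are tested.
use strict;
use warnings;
use DBI;

# Hypothetical environment variables; replace the placeholders with real values.
my $dsn  = $ENV{DB_DSN}
    // 'dbi:mysql:database=<database>;host=<hostname>;'
     . 'mysql_ssl=1;mysql_ssl_ca_file=/path/to/ca_cert.pem';
my $user = $ENV{DB_USER} // '';
my $pass = $ENV{DB_PASS} // '';

# A connect failure is reported separately from an unencrypted session.
my $dbh = eval {
    DBI->connect($dsn, $user, $pass, { RaiseError => 1, PrintError => 0 });
};
if (!$dbh) {
    my $err = $@ || $DBI::errstr || 'unknown error';
    print STDERR "Connect failed: $err\n";
    exit 2;
}

# The driver version matters: behaviour of mysql_ssl=1 differs between releases.
print "DBI $DBI::VERSION, DBD::mysql $DBD::mysql::VERSION\n";

# Ssl_cipher and Ssl_version are per-session status variables. An empty value
# (or no row at all) means this session is running in plain text.
my (undef, $cipher)  = $dbh->selectrow_array(q{SHOW SESSION STATUS LIKE 'Ssl_cipher'});
my (undef, $version) = $dbh->selectrow_array(q{SHOW SESSION STATUS LIKE 'Ssl_version'});
$cipher  //= '';
$version //= '';
$dbh->disconnect;

if ($cipher eq '') {
    print "NOT ENCRYPTED: mysql_ssl=1 was requested but no cipher is in use\n";
    exit 1;
}

print "Encrypted: protocol=$version cipher=$cipher\n";
exit 0;
```

The exit status is 0 for an encrypted session, 1 for a plain text session and 2 when the connection could not be opened, so the script can be rerun after DBD::mysql or MySQL client library upgrades.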