/ Database Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Is a MySQL Connection Using SSL or Not?

DZone's Guide to

Is a MySQL Connection Using SSL or Not?

In this blog post, we’ll discuss how we can determine if a MySQL client connection is using SSL. Check out these two options.

by
Frederic Descamps
·
Feb. 28, 16 · Database Zone
Free Resource

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Learn how to move from MongoDB to Couchbase Server for consistent high performance in distributed environments at any scale.

In this blog post, we’ll discuss how we can determine if a MySQL connection is using SSL.

Since MySQL version 5.7.5, the server generates SSL certificates (see auto_generate_certs) by default if compiled with SSL, or uses mysql_ssl_rsa_setup if compiled with YaSSL.

But, how can we check to see if our MySQL client connection uses SSL?

When using an interactive client, it’s easy! You have two options:

1. Check the Status:

mysql> s
--------------
mysql  Ver 14.14 Distrib 5.7.11, for Linux (x86_64) using  EditLine wrapper
Connection id:7
Current database:
Current user:root@localhost
SSL:Cipher in use is DHE-RSA-AES256-SHA
Current pager:stdout
Using outfile:''
Using delimiter:;
Server version:5.7.11-log MySQL Community Server (GPL)
Protocol version:10
Connection:Localhost via UNIX socket
Server characterset:latin1
Db     characterset:latin1
Client characterset:utf8
Conn.  characterset:utf8
UNIX socket:/var/lib/mysql/mysql.sock
Uptime:36 min 33 sec

As you can see, for that connection, we are indeed using SSL: 

Image title

2. Use the Status Variables Ssl_version and Ssl_cipher

mysql> show  status like 'Ssl_version';
+---------------+---------+
| Variable_name | Value   |
+---------------+---------+
| Ssl_version   | TLSv1.1 |
+---------------+---------+
mysql> show  status like 'Ssl_cipher';
+---------------+--------------------+
| Variable_name | Value              |
+---------------+--------------------+
| Ssl_cipher    | DHE-RSA-AES256-SHA |
+---------------+--------------------+

But, is there a way to verify this on all of the connections? For example, if we have some applications connected to our database server, how do we verify which connections are using SSL and which are not?

Yes, there is a solution: Performance_Schema!

This is how:

mysql> SELECT sbt.variable_value AS tls_version,  t2.variable_value AS cipher,
              processlist_user AS user, processlist_host AS host
       FROM performance_schema.status_by_thread  AS sbt
       JOIN performance_schema.threads AS t ON t.thread_id = sbt.thread_id
       JOIN performance_schema.status_by_thread AS t2 ON t2.thread_id = t.thread_id
      WHERE sbt.variable_name = 'Ssl_version' and t2.variable_name = 'Ssl_cipher' ORDER BY tls_version;
+-------------+--------------------+------+-----------+
| tls_version | cipher             | user | host      |
+-------------+--------------------+------+-----------+
|             |                    | root | localhost |
| TLSv1       | DHE-RSA-AES256-SHA | root | localhost |
| TLSv1.1     | DHE-RSA-AES256-SHA | root | localhost |
+-------------+--------------------+------+-----------+

That’s it. Now, isn’t that easy? 

Want to deliver a whole new level of customer experience? Learn how to make your move from MongoDB to Couchbase Server.

Like This Article? Read More From DZone

SSL Connections in MySQL 5.7
Using SSL for In-Transit Data Encryption to Improve MySQL Security
How to call a rest webservice with an untrusted SSL certificate

Free DZone Refcard

Getting Started with Infinispan
DOWNLOAD
Topics:
mysql ,ssl

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of Frederic Descamps, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Database Partner Resources

White paper: Flexible data modeling using dynamic columns, includes sample data and queries.
MongoDB vs. Couchbase: Benchmark clocks Couchbase at 6x on read/write
Five NoSQL Myths Dispelled by c-treeACE
Learn to achieve data integrity and flexibility by combining structured and semi-structured data with MariaDB and JSON.
New to NoSQL? Learn the key factors driving NoSQL adoption and top 10 use cases
Shift LEFT: Explore how – and why – application and database development can make the most of DevOps
Replacing RDBMS with NoSQL - Real-world lessons and best practices
Learn how to achieve Continuous Delivery for Databases in this 110 page E-book
NoSQL Performance with Full Read/Write Access to SQL
Don’t let the database be a bottleneck: Solving Database Deployment Problems with Database DevOps
MySQL vs. MariaDB: Guide to Open Source Database Selection

Database Partner Resources

White paper: Flexible data modeling using dynamic columns, includes sample data and queries.
MongoDB vs. Couchbase: Benchmark clocks Couchbase at 6x on read/write
Five NoSQL Myths Dispelled by c-treeACE
Learn to achieve data integrity and flexibility by combining structured and semi-structured data with MariaDB and JSON.
THE DZONE NEWSLETTER

Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

X

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone