/ Database Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Is a MySQL Connection Using SSL or Not?

DZone's Guide to

Is a MySQL Connection Using SSL or Not?

In this blog post, we’ll discuss how we can determine if a MySQL client connection is using SSL. Check out these two options.

by
Frederic Descamps
·
Feb. 28, 16 · Database Zone
Free Resource

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Download the Guide to Open Source Database Selection: MySQL vs. MariaDB and see how the side-by-side comparison of must-have features will ease the journey. Brought to you in partnership with MariaDB.

In this blog post, we’ll discuss how we can determine if a MySQL connection is using SSL.

Since MySQL version 5.7.5, the server generates SSL certificates (see auto_generate_certs) by default if compiled with SSL, or uses mysql_ssl_rsa_setup if compiled with YaSSL.

But, how can we check to see if our MySQL client connection uses SSL?

When using an interactive client, it’s easy! You have two options:

1. Check the Status:

mysql> s
--------------
mysql  Ver 14.14 Distrib 5.7.11, for Linux (x86_64) using  EditLine wrapper
Connection id:7
Current database:
Current user:root@localhost
SSL:Cipher in use is DHE-RSA-AES256-SHA
Current pager:stdout
Using outfile:''
Using delimiter:;
Server version:5.7.11-log MySQL Community Server (GPL)
Protocol version:10
Connection:Localhost via UNIX socket
Server characterset:latin1
Db     characterset:latin1
Client characterset:utf8
Conn.  characterset:utf8
UNIX socket:/var/lib/mysql/mysql.sock
Uptime:36 min 33 sec

As you can see, for that connection, we are indeed using SSL: 

Image title

2. Use the Status Variables Ssl_version and Ssl_cipher

mysql> show  status like 'Ssl_version';
+---------------+---------+
| Variable_name | Value   |
+---------------+---------+
| Ssl_version   | TLSv1.1 |
+---------------+---------+
mysql> show  status like 'Ssl_cipher';
+---------------+--------------------+
| Variable_name | Value              |
+---------------+--------------------+
| Ssl_cipher    | DHE-RSA-AES256-SHA |
+---------------+--------------------+

But, is there a way to verify this on all of the connections? For example, if we have some applications connected to our database server, how do we verify which connections are using SSL and which are not?

Yes, there is a solution: Performance_Schema!

This is how:

mysql> SELECT sbt.variable_value AS tls_version,  t2.variable_value AS cipher,
              processlist_user AS user, processlist_host AS host
       FROM performance_schema.status_by_thread  AS sbt
       JOIN performance_schema.threads AS t ON t.thread_id = sbt.thread_id
       JOIN performance_schema.status_by_thread AS t2 ON t2.thread_id = t.thread_id
      WHERE sbt.variable_name = 'Ssl_version' and t2.variable_name = 'Ssl_cipher' ORDER BY tls_version;
+-------------+--------------------+------+-----------+
| tls_version | cipher             | user | host      |
+-------------+--------------------+------+-----------+
|             |                    | root | localhost |
| TLSv1       | DHE-RSA-AES256-SHA | root | localhost |
| TLSv1.1     | DHE-RSA-AES256-SHA | root | localhost |
+-------------+--------------------+------+-----------+

That’s it. Now, isn’t that easy? 

Interested in reducing database costs by moving from Oracle Enterprise to open source subscription?  Read the total cost of ownership (TCO) analysis. Brought to you in partnership with MariaDB.

Like This Article? Read More From DZone

Using SSL for In-Transit Data Encryption to Improve MySQL Security
How to call a rest webservice with an untrusted SSL certificate
Urlencode/urldecode As MySQL Stored Functions

Free DZone Refcard

Getting Started with Infinispan
DOWNLOAD
Topics:
mysql ,ssl

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of Frederic Descamps, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Database Partner Resources

Strategies for modernizing DBMS infrastructure and reducing costs: View IT Market Clock Report
Shift LEFT: Explore how – and why – application and database development can make the most of DevOps
Replacing RDBMS with NoSQL - Real-world lessons and best practices
NoSQL Performance with Full Read/Write Access to SQL
Learn how to achieve Continuous Delivery for Databases in this 110 page E-book
Scale Out your Deployment with an Automated Sharding Process that Ensures Zero Application Downtime
MySQL vs. MariaDB: Guide to Open Source Database Selection
Combine the Innovations of NoSQL with the Critical Capabilities of Relational Databases
Five NoSQL Myths Dispelled by c-treeACE
MongoDB vs. Couchbase: Benchmark clocks Couchbase at 6x on read/write
Replacing proprietary database with open source? Read the Cost Analysis Guide for a Total Cost of Ownership Comparison
New to NoSQL? Learn the key factors driving NoSQL adoption and top 10 use cases

Database Partner Resources

Strategies for modernizing DBMS infrastructure and reducing costs: View IT Market Clock Report
Shift LEFT: Explore how – and why – application and database development can make the most of DevOps
Replacing RDBMS with NoSQL - Real-world lessons and best practices
NoSQL Performance with Full Read/Write Access to SQL
THE DZONE NEWSLETTER

Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

X

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone