Database Administrators Stack Exchange
Database Administrators Stack Exchange

Questions tagged [ssl]

Secure Sockets Layer (SSL) is a cryptographic protocols that provide communication security over the Internet.

SSL uses a cryptographic system that uses two keys to encrypt data - a public key known to everyone and a private or secret key known only to the recipient of the message

SSL has recently been succeeded by Transport Layer Security (TLS), which is based on SSL.

208 questions
48
votes
7 answers

How can I verify I'm using SSL to connect to mysql?

I have configured my server to allow SSL, and have modified my client ~/.my.cnf so I use SSL: [client] ssl ssl-cipher=DHE-RSA-AES256-SHA ssl-ca=~/certs/ca-cert.pem When I log in with my client and view the status, it lists a cipher on the SSL…
chris
  • 1,232
  • 5
  • 17
  • 29
39
votes
3 answers

MySQL 5.1.66 SSL connection error ERROR 2026 (HY000)

UPDATE2 Using WireShark I found out the problem string (I hope I did): 28 | 9.582638 | 192.168.18.128 | 192.168.18.129 | MySQL Response Error 1043 And the error is (according to docs): Error: 1043 SQLSTATE: 08S01 (ER_HANDSHAKE_ERROR) Message: Bad…
Sergei Danielian
  • 440
  • 1
  • 4
  • 9
34
votes
5 answers

How to examine PostgreSQL server's SSL certificate?

Suppose there is a PostgreSQL server running and it has SSL enabled. Using "standard" Linux and PostgreSQL tools, how can I examine its SSL certificate? I'm hoping for output similar to what you would get from running openssl x509 -text .... And…
csd
  • 700
  • 1
  • 6
  • 11
31
votes
6 answers

SQL Server compatibility with New TLS Standards

The major browsers are moving beyond SSL3.0 and TLS1.0 . The PCI Security Council has declared an end-of-life date for these protocols to be considered sufficiently strong encryption. We need to move away from these protocols, to use newer and…
Mark Goldfain
  • 413
  • 1
  • 4
  • 7
23
votes
4 answers

SQL server service won’t start after disabling TLS 1.0 and SSL 3.0

Because of security reasons, we disabled TLS 1.0 and older protocols on our windows, and enabled just TLS 1.1 and TLS 1.2 under the following registry path: …
Jiri Mares
  • 331
  • 1
  • 2
  • 5
21
votes
8 answers

MySQL Workbench: "ssl is required but the server doesn't support it"

I'm having trouble finding answers with various Internet and Google searches for MySQL Workbench issue I'm experiencing. I have not found any answers on how to make this work again. Here's the MySQL Workbench error I'm having issues troubleshooting…
morgansbyers
  • 383
  • 1
  • 3
  • 6
20
votes
2 answers

How to verify SSL always being used on Postgresql 9.6

I have a sensitive application with app server and db on separate machines, and in the case of the slave db, in separate data-centers. Although I believe my postgresqls are configured to always use ssl I need a way to double-check this. Is there…
David Simic
  • 301
  • 1
  • 2
  • 3
19
votes
2 answers

How can client retrieve SQL Server public SSL certificate?

Can a user retrieve the connection certificate for an SQL Server instance (similar to how someone can retrieve an HTTP certificate)? If so, how? Context If encryption is requested by the SQL Server client, the server certificate must be validated…
outis
  • 375
  • 1
  • 3
  • 14
16
votes
5 answers

MySQL SSL error: Unable to get private key

Getting an error while trying to enable encryption: [ERROR] SSL error: Unable to get private key from '/etc/mysql/ssl/nginx.key' [Warning] Failed to set up SSL because of the following SSL library error: Unable to get private…
Velkan
  • 411
  • 1
  • 3
  • 8
12
votes
2 answers

Having a PostgreSQL database exposed to the internet

I've seen on DBA and other sites that exposing a database to the Internet is a particularly bad idea, but I noticed that PostgreSQL has SSL-certificate-only authentication. Does this make it any safer to expose a database to the internet (cert-only…
dreamlax
  • 375
  • 2
  • 5
  • 13
12
votes
2 answers

How do you properly remove "REQUIRE SSL" from a single user?

I successfully granted REQUIRE SSL to a single user by doing... mysql -u"${targetMySqlUser}" -p"${targetMySqlPass}" -e "GRANT USAGE ON dbname.* TO 'dbusername'@'%' REQUIRE SSL;" but im failing on REMOVING or REVOKING this flag from the user, using…
Axel Werner
  • 265
  • 2
  • 3
  • 6
11
votes
1 answer

"Force Encryption" vs "Force Protocol Encryption" in SQL Server

I'm trying to understand how the different settings affect the behaviour of my server-client communication. On the server I have installed a self-signed CA with an issued exchange cert which also has been configured to be used by my SQL service. At…
Andreas Zita
  • 259
  • 1
  • 2
  • 8
11
votes
5 answers

How is possible to configure TLSv1.1 protocol for SSL connection in PostgreSQL?

I need to configure TLS 1.1 protocol for SSL connection in PostgreSQL. I was not able to see protocol setting in the PostgreSQL configuration It is required to disable SSL protocols and TLSv1 and enable only TLSv1.1 (or TLSv1.2) Added PCI DSS v3.1…
Michael
  • 163
  • 1
  • 1
  • 9
9
votes
3 answers

MS SQL Server accepts non-SSL connections even with Force Encryption enabled on the server side

I am forcing encryption on my SQL Server. My intention is to reject any client connection that does not use SSL to connect. Am I on the right track? Here are my detailed steps : makecert -r -pe -n "CN=slc02xla.company.com" -b 01/01/2000 -e…
Codrguy
  • 195
  • 1
  • 1
  • 5
8
votes
2 answers

query to determine forceencryption state

I'm trying to confirm whether or not force encryption is currently set and/or if the current connection is secure or not. Is there a SQL query I can run that will give me that information or do I need to log onto the machine and interrogate it…
Richard
  • 183
  • 4
1
2 3
13 14