MariaDB Server / MDEV-24342

forcing user encryption


Details

    Description

      MariaDB 10.4.12

      +----------------------------------------------------------------------------------------------------+
      | CREATE USER for external_user@%                                                                                |
      +----------------------------------------------------------------------------------------------------+
      | CREATE USER 'external_user'@'%' IDENTIFIED BY PASSWORD '*AAD4C8BF6E6FF7F1185C0248DED4E1B674017384' REQUIRE SSL |
      +----------------------------------------------------------------------------------------------------+
      

      I have enabled SSL for the database server and have implemented forced encryption for only 1 account. However, they are still able to run unencrypted transactions using that account. What am I missing?

      MariaDB [(none)]> SHOW GLOBAL VARIABLES LIKE 'tls_version';
      +---------------+---------+
      | Variable_name | Value   |
      +---------------+---------+
      | tls_version   | TLSv1.2 |
      +---------------+---------+
      1 row in set (0.001 sec)
       
      MariaDB [(none)]> SHOW VARIABLES LIKE '%SSL%';
      +---------------------+-------------------------------------+
      | Variable_name       | Value                               |
      +---------------------+-------------------------------------+
      | have_openssl        | NO                                  |
      | have_ssl            | YES                                 |
      | ssl_ca              | /opt/app/mysql/data/ca-cert.pem     |
      | ssl_capath          |                                     |
      | ssl_cert            | /opt/app/mysql/data/server-cert.pem |
      | ssl_cipher          |                                     |
      | ssl_crl             |                                     |
      | ssl_crlpath         |                                     |
      | ssl_key             | /opt/app/mysql/data/server-key.pem  |
      | version_ssl_library | WolfSSL 4.3.0                       |
      +---------------------+-------------------------------------+
      10 rows in set (0.001 sec)
       
      MariaDB [(none)]> ALTER USER 'external_user'@'%' REQUIRE SSL;
      Query OK, 0 rows affected (0.004 sec)
       
      MariaDB [(none)]> select user, host, ssl_type, ssl_cipher, x509_issuer, x509_subject  from mysql.user where user='external_user';
      +---------------+------+----------+------------+-------------+--------------+
      | User          | Host | ssl_type | ssl_cipher | x509_issuer | x509_subject |
      +---------------+------+----------+------------+-------------+--------------+
      | external_user | %    | ANY      |            |             |              |
      +---------------+------+----------+------------+-------------+--------------+
      1 row in set (0.001 sec)
       
      MariaDB [(none)]>
      

          People

            Unassigned
            mn1357 Michael Necklas