  1. MariaDB Server
  2. MDEV-25059

require_secure_transport option still allows access to the client in an insecure way

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Not a Bug
    • Affects Version/s: 10.5.9
    • Fix Version/s: N/A
    • Component/s: Configuration
    • Labels:
      None
    • Environment:
      Docker image mariadb:latest

      Description

      I executed a mariadb server with TLS, everything worked fine, and the 'require_secure_transport' was ON.

      Then, I tried to access it via the client, and I could access it with the --ssl option, but without giving any CA or any other certificate-related option. This makes me think that the server did connect via TLS (I could see the SSL cipher with the "status" command), but did not authenticate the server certificate, and I don't think we can call that secure in any way. I only got an error while trying to log in with TLS without the certs after changing the user requirement.

      So there is no way to ensure that the connection is really secure besides changing the user requirement.

      The conf file used to create the server is attached. I don't think it should matter, but I was using the root user.
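
The client-side gap this report describes (TLS negotiated with `--ssl`, but no CA and no server certificate check) can be looked for in client option files. The following Python check is an added example, not part of the original report or of MariaDB's code. It assumes that the client only validates the server certificate when `ssl-verify-server-cert` is enabled; the group list, the sample files and the CA path are constructed for illustration.

```python
import configparser

# Option-file groups the command-line client reads (assumed list for this example).
CLIENT_GROUPS = {"client", "client-server", "client-mariadb", "mysql", "mariadb-client"}
TLS_OPTIONS = ("ssl-ca", "ssl-capath", "ssl-cert", "ssl-key")


def _enabled(options, name):
    """A bare flag (no value) or a truthy value counts as enabled."""
    if name not in options:
        return False
    value = options[name]
    return value is None or value.strip().lower() in {"", "1", "on", "true"}


def audit_client_config(text):
    """Classify each client group as no-tls, tls-unverified or tls-verified."""
    parser = configparser.ConfigParser(
        allow_no_value=True, strict=False, interpolation=None)
    parser.read_string(text)
    findings = {}
    for group in parser.sections():
        if group.lower() not in CLIENT_GROUPS:
            continue
        # Option files accept dashes and underscores interchangeably.
        opts = {k.replace("_", "-"): v for k, v in parser.items(group)}
        uses_tls = _enabled(opts, "ssl") or any(o in opts for o in TLS_OPTIONS)
        if not uses_tls:
            findings[group] = "no-tls"
        elif _enabled(opts, "ssl-verify-server-cert"):
            findings[group] = "tls-verified"
        else:
            # Encrypted, but the server's identity is never checked.
            findings[group] = "tls-unverified"
    return findings


# Constructed sample option files; the CA path is a placeholder.
WEAK_CLIENT_CNF = """
[client]
ssl
"""
HARDENED_CLIENT_CNF = """
[client]
ssl
ssl-ca = /path/to/ca.pem
ssl-verify-server-cert
"""
```

`audit_client_config(WEAK_CLIENT_CNF)` reports the `[client]` group as `tls-unverified`, which matches the connection described in the report; the hardened file is reported as `tls-verified`.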

            People

            Assignee:
            serg Sergei Golubchik
            Reporter:
            ignacio_ ignacio schmid