  1. MariaDB Server
  2. MDEV-25059

require_secure_transport option still allows access to the client in an insecure way


Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Not a Bug
    • 10.5.9
    • N/A
    • Configuration
    • None
    • Docker image mariadb:latest

    Description

      I executed a MariaDB server with TLS, everything worked fine, and 'require_secure_transport' was ON.

      Then, I tried to access it via the client, and I could access it with the --ssl option, but without giving any CA or any other certificate-related option. This makes me think that the server did connect via TLS (I could see the SSL cipher with the "status" command), but did not authenticate the server certificate, and I don't think we can call that secure in any way. I only got an error while trying to log in with TLS without the certs after changing the user requirement.

      So there is no way to ensure that the connection is really secure besides changing the user requirement.

      The conf file used to create the server is attached. I don't think it should matter, but I was using the root user.


          People

            serg Sergei Golubchik
            ignacio_ ignacio schmid
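
An added example, not part of the original report or of MariaDB's own code: `require_secure_transport` is enforced by the server and only rejects unencrypted connections, while checking the server's certificate is a client-side choice (`ssl-verify-server-cert`, not enabled by default in the 10.5 series the report concerns). The sketch below audits a client option file for groups that request TLS without that option; the group list, finding names and sample file are assumptions constructed for illustration, and each group is judged on its own rather than merged the way the client does.

```python
import configparser

# Groups inspected (assumed subset of the groups MariaDB clients read).
CLIENT_GROUPS = ("client", "mysql", "client-mariadb")
# Options whose presence means the client is asking for TLS.
TLS_FILE_OPTIONS = ("ssl-ca", "ssl-capath", "ssl-cert", "ssl-key", "ssl-cipher")
FALSE_VALUES = {"0", "off", "false"}

# Constructed sample option file (paths are placeholders).
SAMPLE = """\
[client]
ssl

[mysql]
ssl_ca = /etc/mysql/certs/ca.pem
ssl_verify_server_cert

[client-mariadb]
port = 3306
"""

def _enabled(options, name):
    """True if a boolean option is present and not explicitly switched off."""
    if name not in options:
        return False
    value = options[name]
    return value is None or value.strip().lower() not in FALSE_VALUES

def audit_client_tls(text, groups=CLIENT_GROUPS):
    """Return {group: finding} for each client group found in an option file."""
    # Drop !include / !includedir directives, which configparser cannot parse.
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("!"))
    parser = configparser.ConfigParser(allow_no_value=True, strict=False,
                                       interpolation=None)
    parser.read_string(body)
    findings = {}
    for group in groups:
        if not parser.has_section(group):
            continue
        # Option files accept '_' and '-' interchangeably in option names.
        opts = {k.replace("_", "-"): v for k, v in parser.items(group)}
        if _enabled(opts, "ssl-verify-server-cert"):
            findings[group] = "server-cert-verified"
        elif _enabled(opts, "ssl") or any(o in opts for o in TLS_FILE_OPTIONS):
            findings[group] = "tls-without-server-cert-verification"
        else:
            findings[group] = "no-client-tls-setting"
    return findings

if __name__ == "__main__":
    print(audit_client_tls(SAMPLE))
```

The `[client]` group in the sample matches the situation in the description: `ssl` alone yields an encrypted session without the client checking who it is talking to.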