  1. MariaDB Server
  2. MDEV-26851

Provide means to verify Galera using TLS from SQL level

    Details

    • Type: Task
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: Galera
    • Labels:
      None

      Description

      It is possible to configure Galera to use SSL/TLS for communication between nodes, but especially with MariaDB 10.6, a node can be configured to support TLS, but still accept non-encrypted connections. This was added so that a cluster can be converted from non-encrypted to encrypted in a rolling restart.

      It would be good to have a way to confirm that all intra-node connections are indeed using encryption using SQL statements, so that compliance can be confirmed without having to capture and inspect actual network traffic.

      As this would not be a single set of values for "encryption used at all?", TLS version, certificate and cipher used, etc. but one tuple per node pair, this would probably not work out well using status variables, so exposing this information would rather require adding an INFORMATION_SCHEMA or PERFORMANCE_SCHEMA table ...

            People

            Assignee:
            jplindst Jan Lindström
            Reporter:
            hholzgra Hartmut Holzgraefe
            Votes:
            0
            Watchers:
            3