Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-26851

Provide means to verify Galera using TLS from SQL level

    XMLWordPrintable

Details

    • New Feature
    • Status: Stalled (View Workflow)
    • Major
    • Resolution: Unresolved
    • 11.6
    • Galera
    • None

    Description

      It is possible to configure Galera to use SSL/TLS for communication between nodes, but especially with MariaDB 10.6, a node can be configured to support TLS, but still accept non-encrypted connections. This was added so that a cluster can be converted from non-encrypted to encrypted in a rolling restart

      It would be good to have a way to confirm that all intra-node connections are indeed using encryption using SQL statements, so that compliance can be confirmed without having to capture and inspect actual network traffic.

      As this would not be a single set of values for "encryption used at all?", tls version, certificate and cipher used, etc. but one tuple per node pair, this would probably not work out well using status variables, so exposing this information would rather require adding an INFORMATION_SCHEMA or PERFORMANCE_SCHEMA table ...

      Attachments

        Activity

          People

            Yurchenko Alexey
            hholzgra Hartmut Holzgraefe
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.