Details
-
New Feature
-
Status: Stalled (View Workflow)
-
Major
-
Resolution: Unresolved
-
None
Description
It is possible to configure Galera to use SSL/TLS for communication between nodes, but especially with MariaDB 10.6, a node can be configured to support TLS, but still accept non-encrypted connections. This was added so that a cluster can be converted from non-encrypted to encrypted in a rolling restart
It would be good to have a way to confirm that all intra-node connections are indeed using encryption using SQL statements, so that compliance can be confirmed without having to capture and inspect actual network traffic.
As this would not be a single set of values for "encryption used at all?", tls version, certificate and cipher used, etc. but one tuple per node pair, this would probably not work out well using status variables, so exposing this information would rather require adding an INFORMATION_SCHEMA or PERFORMANCE_SCHEMA table ...