Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-27105

--ssl option set as default for mariadb CLI

Details

    Description

      Hello

      I'd like to propose that the mariadb CLI has the --ssl option set by default. Although this option alone wont prevent MitM attacks, it raises the security for the CLI by establishing TLS connections, given the database server is able to serve TLS.

      I create this ticket in reference to an off-topic discussion in yonder ticket: MDEV-26997

      Kind regards

      Attachments

        Issue Links

          Activity

            This contradicts MDEV-28634. We can either have --ssl by default or we can have an error if --ssl was requested, but TLS connection couldn't be established. But not both.

            serg Sergei Golubchik added a comment - This contradicts MDEV-28634 . We can either have --ssl by default or we can have an error if --ssl was requested, but TLS connection couldn't be established. But not both.
            Soh2oMie Soh2oMie added a comment -

            I think a desired default behavior could be to fallback to a unencrypted connection and throw a warning that the TLS connection couldn't be established. Nevertheless if TLS is explicitly requested via the --ssl option and the encrypted connection couldn't be established, an error is thrown.

            Soh2oMie Soh2oMie added a comment - I think a desired default behavior could be to fallback to a unencrypted connection and throw a warning that the TLS connection couldn't be established. Nevertheless if TLS is explicitly requested via the --ssl option and the encrypted connection couldn't be established, an error is thrown.
            serg Sergei Golubchik added a comment - - edited

            Without MDEV-28634 the behavior simply is — --ssl is enabled by default. That is everything behaves as if --ssl was specified. Nothing else.

            It's in this branch: preview-10.10-misc.

            serg Sergei Golubchik added a comment - - edited Without MDEV-28634 the behavior simply is — --ssl is enabled by default. That is everything behaves as if --ssl was specified. Nothing else. It's in this branch: preview-10.10-misc .

            Also in bb-10.10-MDEV-27105, without other misc features

            serg Sergei Golubchik added a comment - Also in bb-10.10- MDEV-27105 , without other misc features

            ok to push

            ramesh Ramesh Sivaraman added a comment - ok to push

            People

              serg Sergei Golubchik
              ti0Bee1a Chu3Shah
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.