Details
-
Task
-
Status: Open (View Workflow)
-
Trivial
-
Resolution: Unresolved
-
None
-
None
Description
'require_secure_transport' is introduced since 10.4 Enterprise
https://mariadb.com/docs/skysql/ref/mdb/system-variables/require_secure_transport/
When this option is enabled, connections attempted using insecure transport will be rejected. Secure transports are SSL/TLS, Unix sockets or named pipes.
However the error message emitted when connection s refused is not at all explanatory. If this variable is enabled and a client tries to connect without encryption, following error message will be seen:
ERROR 1045 (28000): Access denied for user '<user>'@'localhost' (using password: [YES|NO]) |
It does not provide any useful information to suggest user to connect with encryption, neither does it mention the related parameter 'require_secure_transport'.
The equivalent message from MySQL for example contains more information:
MySQL Error 3159 (HY000): Connections using insecure transport are prohibited while --require_secure_transport=ON. |
It would be beneficial to change this error message in MariaDB to reflect that the variable is enabled and to suggest user to use encrypted connection.