'require_secure_transport' is introduced since 10.4 Enterprise

https://mariadb.com/docs/skysql/ref/mdb/system-variables/require_secure_transport/

When this option is enabled, connections attempted using insecure transport will be rejected. Secure transports are SSL/TLS, Unix sockets or named pipes.

However the error message emitted when connection s refused is not at all explanatory. If this variable is enabled and a client tries to connect without encryption, following error message will be seen:

ERROR 1045 (28000): Access denied for user '<user>'@'localhost' (using password: [YES|NO])

It does not provide any useful information to suggest user to connect with encryption, neither does it mention the related parameter 'require_secure_transport'.

The equivalent message from MySQL for example contains more information:

MySQL Error 3159 (HY000): Connections using insecure transport are prohibited while --require_secure_transport=ON.

It would be beneficial to change this error message in MariaDB to reflect that the variable is enabled and to suggest user to use encrypted connection.