Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-3381

MaxScale TLS configuration examples in the KB use deprecated values for ssl parameter

    XMLWordPrintable

Details

    • Task
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • None
    • 2.5.8
    • Documentation
    • None

    Description

      The documentation for MaxScale's ssl parameter says that it is deprecated to set the parameter to required:

      ssl
      This enables SSL connections when set to true. The parameter takes a boolean value and is disabled by default. The parameter also accepts the special values required and disabled which were the only supported values before MaxScale 2.3.0. The use of required and disabled is deprecated.
      

      https://mariadb.com/kb/en/mariadb-maxscale-25-mariadb-maxscale-configuration-guide/#ssl

      However, the two TLS configuration examples on the same page set the parameter to the deprecated value.

      It uses the deprecated value in the example server configuration:

      [server1]
      type=server
      address=10.131.24.62
      port=3306
      ssl=required
      ssl_cert=/usr/local/mariadb/maxscale/ssl/crt.max-client.pem
      ssl_key=/usr/local/mariadb/maxscale/ssl/key.max-client.pem
      ssl_ca_cert=/usr/local/mariadb/maxscale/ssl/crt.ca.maxscale.pem
      

      https://mariadb.com/kb/en/mariadb-maxscale-25-mariadb-maxscale-configuration-guide/#example-ssl-enabled-server-configuration

      And it uses the deprecated value in the example listener configuration:

      [RW-Split-Listener]
      type=listener
      service=RW-Split-Router
      protocol=MariaDBClient
      port=3306
      ssl=required
      ssl_cert=/usr/local/mariadb/maxscale/ssl/crt.maxscale.pem
      ssl_key=/usr/local/mariadb/maxscale/ssl/key.csr.maxscale.pem
      ssl_ca_cert=/usr/local/mariadb/maxscale/ssl/crt.ca.maxscale.pem
      

      https://mariadb.com/kb/en/mariadb-maxscale-25-mariadb-maxscale-configuration-guide/#example-ssl-enabled-listener-configuration

      If the required value is deprecated, then the examples should probably set the ssl parameter to true instead.

      Attachments

        Activity

          People

            markus makela markus makela
            GeoffMontee Geoff Montee (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.