Details
-
New Feature
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
None
-
None
-
MXS-SPRINT-265, MXS-SPRINT-266, MXS-SPRINT-267
Description
A listener should allow encrypted and unencrypted connections, depending on configuration. The accepted values for the ssl-setting will be:
ssl=disable
|
ssl=allow
|
ssl=require
|
The old values such as "true" and "false" will still be supported, with their original meanings. The breaking change with this is that the REST-API output type of the listener and server ssl-parameter will be a string instead of a boolean.
Listeners will default to allow-mode, as it is the most flexible option and does not require additional configuration. Servers are still unencrypted by default, and do not (yet) support allow-mode.
Original description:
The Mariadb database listener allows SSL and unsecured connections on the same port.
Maxscale does not allow SSL and unsecured connections on the same port.
Documentation is clear on this:
https://mariadb.com/kb/en/mariadb-maxscale-2402-maxscale-2402-mariadb-maxscale-configuration-guide/#tlsssl-encryption
which states:
"Note: MaxScale does not allow mixed use of TLS/SSL and normal connections on the same port."
There should be a way allow mixed use so that the listener can match what the database offers. Example
SSL=TRUE
|
SSL=FALSE
|
SSL=MIXED
|
Attachments
Issue Links
- relates to
-
MXS-6383 Support the "allow" SSL-mode in server configuration
-
- In Progress
-