[MDEV-27105] --ssl option set as default for mariadb CLI Created: 2021-11-21 Updated: 2023-03-21 Resolved: 2022-07-28 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | Scripts & Clients, SSL |
| Fix Version/s: | 10.10.1 |
| Type: | Task | Priority: | Minor |
| Reporter: | Chu3Shah | Assignee: | Sergei Golubchik |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | Preview_10.10 | ||
| Issue Links: |
|
||||||||||||||||||||||||||||
| Description |
|
Hello I'd like to propose that the mariadb CLI has the --ssl option set by default. Although this option alone wont prevent MitM attacks, it raises the security for the CLI by establishing TLS connections, given the database server is able to serve TLS. I create this ticket in reference to an off-topic discussion in yonder ticket: Kind regards |
| Comments |
| Comment by Sergei Golubchik [ 2022-05-21 ] |
|
This contradicts |
| Comment by Soh2oMie [ 2022-05-22 ] |
|
I think a desired default behavior could be to fallback to a unencrypted connection and throw a warning that the TLS connection couldn't be established. Nevertheless if TLS is explicitly requested via the --ssl option and the encrypted connection couldn't be established, an error is thrown. |
| Comment by Sergei Golubchik [ 2022-06-18 ] |
|
Without It's in this branch: preview-10.10-misc. |
| Comment by Sergei Golubchik [ 2022-06-27 ] |
|
Also in bb-10.10- |
| Comment by Ramesh Sivaraman [ 2022-07-28 ] |
|
ok to push |