|
When setting up a regular slave and a binlog router for encrypted replication with:
CHANGE MASTER TO MASTER_HOST='master',
|
MASTER_USER='repl',
|
MASTER_PASSWORD='secret',
|
MASTER_USE_GTID=SLAVE_POS,
|
MASTER_SSL=1,
|
MASTER_SSL_CA='/vagrant/ssl/ca-cert.pem',
|
MASTER_SSL_CERT='/vagrant/ssl/maxscale-cert.pem',
|
MASTER_SSL_KEY='/vagrant/ssl/maxscale-key.pem' ;
|
I can verify that both are indeed using encryption:
SELECT thread_id, name, processlist_host, connection_type
|
FROM threads
|
WHERE processlist_command ="Binlog Dump";
|
+-----------+---------------------------+------------------+-----------------+
|
| thread_id | name | processlist_host | connection_type |
|
+-----------+---------------------------+------------------+-----------------+
|
| 62 | thread/sql/one_connection | slave-1 | SSL/TLS |
|
| 72 | thread/sql/one_connection | maxscale | SSL/TLS |
|
+-----------+---------------------------+------------------+-----------------+
|
The regular slave correctly shows that TLS is used:
MariaDB [(none)]> SHOW SLAVE STATUS\G
|
*************************** 1. row ***************************
|
[...]
|
Slave_IO_Running: Yes
|
Slave_SQL_Running: Yes
|
[...]
|
Master_SSL_Allowed: Yes
|
Master_SSL_CA_File: /vagrant/ssl/ca-cert.pem
|
Master_SSL_CA_Path:
|
Master_SSL_Cert: /vagrant/ssl/maxscale-cert.pem
|
Master_SSL_Cipher:
|
Master_SSL_Key: /vagrant/ssl/maxscale-key.pem
|
Master_SSL_Verify_Server_Cert: No
|
Master_SSL_Crl: /vagrant/ssl/ca-cert.pem
|
Master_SSL_Crlpath:
|
[...]
|
Not so when running SHOW SLAVE STATUS via the Maxscale binlog router though, here nothing is shown in Master_SSL_... fields:
MariaDB [(none)]> show slave status \G
|
*************************** 1. row ***************************
|
[...]
|
Slave_IO_Running: Yes
|
Slave_SQL_Running: Yes
|
[...]
|
Master_SSL_Allowed: No
|
Master_SSL_CA_File:
|
Master_SSL_CA_Path:
|
Master_SSL_Cert:
|
Master_SSL_Cipher:
|
Master_SSL_Key:
|
Master_SSL_Verify_Server_Cert: No
|
Master_SSL_Crl:
|
Master_SSL_Crlpath:
|
[...]
|
|