Server Configuration to Require Secure Client Connections

To make the server restrict access to clients over SSL only, add the REQUIRE SSL clause to the user’s GRANT statement, for example:

GRANT all ON *.* TO 'user'@'%' REQUIRE SSL;

For example, if REQUIRE SSL is specified for the user user:

## This connection attempt is rejected with an "Access denied" error:
mysql -u user -h 1.2.3.4
## This one works:
mysql -u user -h 1.2.3.4 --ssl-ca=ca-cert.pem

Unless the client is configured properly, the client may or may not use SSL to connect to SingleStore even if SSL is enabled on the SingleStore cluster. Adding REQUIRE SSL helps protect against misconfigured clients by preventing them from connecting over an insecure plaintext connection. However, proper client configuration is still necessary for security against active network attacks, regardless of server configuration. See Client Configuration for Secure Client Connections.

Last modified: April 26, 2023

Was this article helpful?