# Server Configuration to Require Secure Client Connections

To make the server restrict access to clients over SSL only, add the `REQUIRE SSL` clause to the user’s `GRANT` statement, for example:

```sql
GRANT all ON *.* TO 'user'@'%' REQUIRE SSL;

```

For example, if `REQUIRE SSL` is specified for the user `user`:

```shell
## This connection attempt is rejected with an "Access denied" error:
singlestore -u user -h 1.2.3.4

```

```shell
## This one works:
singlestore -u user -h 1.2.3.4 --ssl-ca=ca-cert.pem
```

Unless the client is configured properly, the client may or may not use SSL to connect to SingleStore even if SSL is enabled on the SingleStore cluster. Adding `REQUIRE SSL` helps protect against misconfigured clients by preventing them from connecting over an insecure plaintext connection. However, proper client configuration is still necessary for security against active network attacks, regardless of server configuration. See [Client Configuration for Secure Client Connections](https://docs.singlestore.com/db/v9.1/security/encryption/ssl-secure-connections/client-configuration-for-secure-client-connections.md).

***

Modified at: May 14, 2026

Source: [/db/v9.1/security/encryption/ssl-secure-connections/server-configuration-to-require-secure-client-connections/](https://docs.singlestore.com/db/v9.1/security/encryption/ssl-secure-connections/server-configuration-to-require-secure-client-connections/)

(An index of the documentation is available at /llms.txt)