SingleStore Managed Service

Server Configuration to Require Secure Client Connections

To make the server restrict access to clients over SSL only, add the REQUIRE SSL clause to the user’s GRANT statement, for example:

CREATE USER 'user'@'%' IDENTIFIED BY 'password';
ALTER USER 'user'@'%' REQUIRE SSL;

For example, if REQUIRE SSL is specified for the user user:

## this connection attempt is rejected with an "Access denied" error:
$ mysql -u user -h 1.2.3.4

## this works:
$ mysql -u user -h 1.2.3.4 --ssl-ca=ca-cert.pem

Unless the client is configured properly, the client may or may not use SSL to connect to SingleStore DB even if SSL is enabled on the SingleStore DB cluster. Adding REQUIRE SSL helps protect against misconfigured clients by preventing them from connecting over an insecure plaintext connection. However, proper client configuration is still necessary for security against active network attacks, regardless of server configuration. Refer to Managed Service Endpoints for more information.

Note that the server currently uses a hardcoded version of the TLS protocol.