Server Configuration to Require Secure Client Connections
To make the server restrict access to clients over SSL only, add the REQUIRE SSL
clause to the user’s GRANT
statement, for example:
CREATE USER 'user'@'%' IDENTIFIED BY 'password';ALTER USER 'user'@'%' REQUIRE SSL;
For example, if REQUIRE SSL
is specified for the user user
:
## This connection attempt is rejected with an "Access denied" error:mysql -u user -h 1.2.3.4
## This one works:mysql -u user -h 1.2.3.4 --ssl-ca=ca-cert.pem
Unless the client is configured properly, the client may or may not use SSL to connect to SingleStore Helios even if SSL is enabled on the SingleStore Helios workspace.REQUIRE SSL
helps protect against misconfigured clients by preventing them from connecting over an insecure plaintext connection.
Note that the server currently uses a hardcoded version of the TLS protocol.
Last modified: April 26, 2023