Server Configuration to Require Secure Client Connections

To make the server restrict access to clients over SSL only, add the REQUIRE SSL clause to the user’s GRANT statement, for example:

CREATE USER 'user'@'%' IDENTIFIED BY 'password';

For example, if REQUIRE SSL is specified for the user user:

## this connection attempt is rejected with an "Access denied" error:
$ mysql -u user -h

## this works:
$ mysql -u user -h --ssl-ca=ca-cert.pem

Unless the client is configured properly, the client may or may not use SSL to connect to SingleStoreDB Cloud even if SSL is enabled on the SingleStoreDB Cloud workspace. Adding REQUIRE SSL helps protect against misconfigured clients by preventing them from connecting over an insecure plaintext connection. However, proper client configuration is still necessary for security against active network attacks, regardless of server configuration. Refer to SingleStoreDB Cloud Endpoints for more information.

Note that the server currently uses a hardcoded version of the TLS protocol.