Server Configuration to Require Secure Client Connections

To make the server restrict access to clients over SSL only, add the REQUIRE SSL clause to the user’s GRANT statement, for example:

CREATE USER 'user'@'%' IDENTIFIED BY 'password';
ALTER USER 'user'@'%' REQUIRE SSL;

For example, if REQUIRE SSL is specified for the user user:

## This connection attempt is rejected with an "Access denied" error:
mysql -u user -h 1.2.3.4
## This one works:
mysql -u user -h 1.2.3.4 --ssl-ca=ca-cert.pem

Unless the client is configured properly, the client may or may not use SSL to connect to SingleStore Helios even if SSL is enabled on the SingleStore Helios workspace. Adding REQUIRE SSL helps protect against misconfigured clients by preventing them from connecting over an insecure plaintext connection. However, proper client configuration is still necessary for security against active network attacks, regardless of server configuration. Refer to SingleStore Helios Endpoints for more information.

Note that the server currently uses a hardcoded version of the TLS protocol.

Last modified: April 26, 2023

Was this article helpful?