On 21/03/2019 9.11, Tuure Vartiainen wrote:
> Yes, you can configure SSL to be used by adding ‘mysql_ssl=1’ to DBSource, e.g.
>
> DBSource dbi:mysql:database=<database>;host=<hostname>;mysql_ssl=1;mysql_ssl_ca_file=/path/to/ca_cert.pem
>
> Ref: https://metacpan.org/pod/DBD::mysql#Class-Methods
While the manual above is correct, there's one additional thing Tuure
and I think needs to be considered when enabling SSL/TLS: The exact
behaviour depends on the software version you have. Recent versions of
DBD::mysql enforce SSL/TLS when mysql_ssl is set to 1. Older versions
downgrade to plain text connections.
In other words, you need to be careful to check that it really uses an
encrypted connection.
Here's more information from Red Hat with further links to more information:
https://access.redhat.com/security/cve/cve-2017-10789
Thanks,
Heikki
--
Heikki Vatiainen <[email protected]>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
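
An added example, not part of the original message or of Radiator: one way to make the check described in the reply above, by connecting with the same DSN options and asking the server whether the session actually has a TLS cipher. The database name, host, CA path and the DB_* environment variables are assumptions.

```perl
#!/usr/bin/perl
# Added example: confirm that a DBD::mysql connection made with mysql_ssl=1
# is really encrypted. Database, host, credentials and CA path are
# placeholders read from the environment (assumptions, not Radiator settings).
use strict;
use warnings;
use DBI;

my $db   = $ENV{DB_NAME} // 'mydb';
my $host = $ENV{DB_HOST} // 'db.example.com';
my $ca   = $ENV{DB_CA}   // '/path/to/ca_cert.pem';

# Same DSN options as the DBSource line quoted in the message.
my $dsn = "dbi:mysql:database=$db;host=$host;mysql_ssl=1;mysql_ssl_ca_file=$ca";

my $dbh = DBI->connect($dsn, $ENV{DB_USER}, $ENV{DB_PASS},
    { RaiseError => 1, PrintError => 0 });

# connect() loads the driver; report its version so it can be compared
# against the advisory for CVE-2017-10789.
print "DBD::mysql version: $DBD::mysql::VERSION\n";

# Ssl_cipher is empty when the session is plain text, so an empty value
# means the connection fell back to an unencrypted one despite mysql_ssl=1.
my (undef, $cipher) =
    $dbh->selectrow_array("SHOW SESSION STATUS LIKE 'Ssl_cipher'");
my (undef, $proto) =
    $dbh->selectrow_array("SHOW SESSION STATUS LIKE 'Ssl_version'");
$dbh->disconnect;

if (!defined $cipher || $cipher eq '') {
    print "NOT ENCRYPTED: session has no TLS cipher\n";
    exit 1;
}
print "Encrypted: cipher=$cipher protocol=", ($proto // 'unknown'), "\n";
exit 0;
```

Run it from the same host and with the same Perl installation that runs Radiator, so the DBD::mysql version being tested is the one actually in use.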