ProxySQL Improves MySQL SSL Connections

 | September 19, 2017 |  Posted In: MySQL, ProxySQL, Security, SSL

In this blog post, we’ll look at how ProxySQL improves MySQL SSL connection performance. When deploying MySQL with SSL, the main concern is that the initial handshake causes significant overhead if you are not using connection pools (i.e., mysqlnd-mux with PHP, mysql.connector.pooling in Python, etc.). Closing and making new connections over and over can greatly impact […]

Webinar Tuesday July 11, 2017: Securing Your MySQL/MariaDB Data

 | July 10, 2017 |  Posted In: MariaDB, MySQL, Security, SSL, Technical Webinars

Join Percona’s Chief Evangelist, Colin Charles, as he presents Securing Your MySQL/MariaDB Data on Tuesday, July 11, 2017 at 7:00 am PDT / 10:00 am EDT (UTC-7). This webinar will discuss the features of MySQL/MariaDB that, when enabled and used, improve the default usage of MySQL. Many cloud-based applications fail to: Use appropriate filesystem […]

SSL Connections in MySQL 5.7

 | June 27, 2017 |  Posted In: MySQL, Security, SSL

This blog post looks at SSL connections and how they work in MySQL 5.7. Recently I was working on an SSL implementation with MySQL 5.7, and I made some interesting discoveries. I realized I could connect to the MySQL server without specifying the SSL keys on the client side, and the connection is still secured […]

Percona XtraDB Cluster: “dh key too small” error during an SST using SSL

 | April 23, 2017 |  Posted In: Percona XtraDB Cluster, Security, XtraDB Cluster

If you’ve tried to use SSL in Percona XtraDB Cluster and saw an error in the logs like SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small, we’ve implemented some changes in Percona XtraDB Cluster 5.6.34 and 5.7.16 that get rid of these errors. Some background: “dh key too small” refers to the Diffie-Hellman parameters used by the SSL code that are […]

Simplified Percona XtraDB Cluster SSL Configuration

 | April 21, 2017 |  Posted In: MySQL, Percona XtraDB Cluster, Security, XtraDB Cluster

In this blog post, we’ll look at a feature recently added to Percona XtraDB Cluster 5.7.16 that makes it easier to configure Percona XtraDB Cluster SSL for all related communications. It uses mode “encrypt=4”, and configures SSL for both IST/Galera communications and SST communications using the same SSL files. “encrypt=4” is a new encryption […]

Enabling Percona XtraDB Cluster SST Traffic Encryption

 | April 21, 2017 |  Posted In: Percona XtraDB Cluster, Security, XtraDB Cluster

In this blog post, we’ll look at enabling Percona XtraDB Cluster SST Traffic Encryption, and some of the changes to the SSL-based encryption of SST traffic in Percona XtraDB Cluster 5.7.16. Some background: Percona XtraDB Cluster versions prior to 5.7 support encryption methods 0, 1, 2 and 3: encrypt = 0 : (default) No encryption encrypt […]

MySQL connection using SSL… or not ?

 | February 23, 2016 |  Posted In: MySQL

In this blog post, we’ll discuss how we can determine if a MySQL connection is using SSL. Since MySQL 5.7.5 the server generates SSL certificates (see auto_generate_certs) by default if compiled with SSL, or uses mysql_ssl_rsa_setup if compiled with YaSSL. But how can we check to see if our MySQL client connection uses SSL? When using an […]

Percona security update: oCERT and SSL improvements

 | May 18, 2015 |  Posted In: MySQL, Security

We have recently become a member of oCERT to aid in allowing responsible disclosure for Percona products and services as can be seen on their members page. We are presently working on the verbiage for the responsible disclosure program, and we are also investigating establishing a bug bounty program. In the meantime you can […]

How to test if CVE-2015-0204 FREAK SSL security flaw affects you

 | March 5, 2015 |  Posted In: MySQL, Security

The CVE-2015-0204 FREAK SSL vulnerability abuses intentionally weak “EXPORT” ciphers which could be used to perform a transparent Man In The Middle attack. (We seem to be continually bombarded with not only SSL vulnerabilities but the need to name vulnerabilities with increasingly odd names.) Is your server vulnerable? This can be tested using the following GIST […]
