In this blog post, we’ll discuss how we can determine if a MySQL connection is using SSL. Since MySQL 5.7.5 the server generates SSL certificates (see auto_generate_certs) by default if compiled with SSL, or uses mysql_ssl_rsa_setup if compiled with YaSSL. But how can we check to see if our MySQL client connection uses SSL ? When using an […]
Read MoreWe have recently become a member of oCERT to aid in allowing responsible disclosure for Percona products and services as can be seen on their members page. We are presently working on the verbiage for the responsible disclosure program, and we are also investigating establishing a bug bounty program. In the mean time you can […]
Read MoreThe CVE-2015-0204 FREAK SSL vulnerability abuses intentionally weak “EXPORT” ciphers which could be used to perform a transparent Man In The Middle attack. (We seem to be continually bombarded with not only SSL vulnerabilities but the need to name vulnerabilities with increasing odd names.) Is your server vulnerable? This can be tested using the following GIST […]
Read MoreIf you’ve been following this blog (my colleague, David Busby, posted about it yesterday) or any tech news outlet in the past few days, you’ve probably seen some mention of the “Heartbleed” vulnerability in certain versions of the OpenSSL library. So what is ‘Heartbleed’, really? In short, Heartbleed is an information-leak issue. An attacker can […]
Read MoreThis is part two on a two-part series on the performance implications of in-flight data encryption with MySQL. In the first part, I focused specifically on the impact of using MySQL’s built-in SSL support with some rather surprising results. Certainly it was expected that query throughput would be lower with SSL than without, but I […]
Read MoreNOTE: This is part 1 of what will be a two-part series on the performance implications of using in-flight data encryption. Some of you may recall my security webinar from back in mid-August; one of the follow-up questions that I was asked was about the performance impact of enabling SSL connections. My answer was 25%, […]
Read MoreThere are different articles on how to setup MySQL with SSL but it’s sometimes difficult to end up with a good simple one. Usually, setting up MySQL SSL is not really a smooth process due to such factors like “it’s not your day”, something is broken apparently or the documentation lies 🙂 I am going […]
Read MoreFew people realize that Galera/Percona XtraDB (PXC) replication can be encrypted via SSL for secure transfer of your replicated data. Setting this up is actually quite easy to do and probably will look familiar to a lot of people. Setting up SSL and Galera Create and propagate a single key/cert pair First, we create a […]
Read MorePercona’s widely read Percona Data Performance blog highlights our expertise in enterprise-class software, support, consulting and managed services solutions for both MySQL® and MongoDB® across traditional and cloud-based platforms. The decades of experience represented by our consultants is found daily in numerous and relevant blog posts.
Besides specific database help, the blog also provides notices on upcoming events and webinars.
Want to get weekly updates listing the latest blog posts? Subscribe to our blog now! Submit your email address below and we’ll send you an update every Friday at 1pm ET.
No, thank you. Please do not ask me again.
