Tag - SSL

Simplified Percona XtraDB Cluster SSL Configuration

wsrep-stages

In this blog post, we’ll look at a feature that recently added to Percona XtraDB Cluster 5.7.16, that makes it easier to configure Percona XtraDB Cluster SSL for all related communications. It uses mode “encrypt=4”, and configures SSL for both IST/Galera communications and SST communications using the same SSL files. “encrypt=4” is a new […]

Read more

Enabling Percona XtraDB Cluster SST Traffic Encryption

wsrep-stages

In this blog post, we’ll look at enabling Percona XtraDB Cluster SST Traffic Encryption, and some of the changes to the SSL-based encryption of SST traffic in Percona XtraDB Cluster 5.7.16.
Some background
Percona XtraDB Cluster versions prior to 5.7 support encryption methods 0, 1, 2 and 3:

encrypt = 0 : (default) No encryption
encrypt = 1 : […]

Read more

Using Vault with MySQL

MySQL 5.7 root password

Using Vault with MySQL
In my previous post I discussed using GPG to secure your database credentials. This relies on a local copy of your MySQL client config, but what if you want to keep the credentials stored safely along with other super secret information? Sure, GPG could still be used, but there must be […]

Read more

MySQL connection using SSL… or not ?

MySQL connection using SSL

In this blog post, we’ll determine a MySQL connection using SSL… or not.
Since MySQL 5.7.5 the server generates SSL certificates (see auto_generate_certs) by default if compiled with SSL, or uses mysql_ssl_rsa_setup if compiled with YaSSL.
But how can we check to see if our MySQL client connection uses SSL?
When using an interactive client, it’s easy! You […]

Read more

Percona security update: oCERT and SSL improvements

We have recently become a member of oCERT to aid in allowing responsible disclosure for Percona products and services as can be seen on their members page.
We are presently working on the verbiage for the responsible disclosure program, and we are also investigating establishing a bug bounty program. In the mean time you can […]

Read more