Bug #75368 Option to require SSL at the client side
Submitted: 31 Dec 2014 13:24 Modified: 17 Jul 2015 13:35
Reporter: Daniël van Eeden (OCA) Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Command-line Clients Severity:S4 (Feature request)
Version:5.7 OS:Any
Assigned to: Georgi Kodinov CPU Architecture:Any
Tags: replication, Security, SSL, tls

[31 Dec 2014 13:24] Daniël van Eeden 
Description:
The only option now to require SSL is to set REQUIRE SSL (or X509 etc) on the user. Please add an option to force SSL on the client side also.

It doesn't make much sense to use --ssl-verify-server-cert if it may not use SSL at all.

This is for the regular clients like mysql/mysqldump/etc and for replication.

How to repeat:
Try to force the use of SSL on the client side (e.g cloud and/or hosted setups)

Suggested fix:
Add option to require SSL on the client side.
[17 Jul 2015 13:35] Georgi Kodinov 
Thank you for your bug report. This issue has been committed to our source repository of that product and will be incorporated into the next release.

If necessary, you can access the source repository and build the latest available version, including the bug fix. More information about accessing the source trees is available at

    http://dev.mysql.com/doc/en/installing-source.html

http://dev.mysql.com/doc/refman/5.7/en/ssl-options.html#option_general_ssl says:

 As of MySQL 5.7.3, --ssl requires the client to connect to the server using SSL. If an encrypted connection cannot be established, the connection attempt fails. If the connection attempt succeeds, the connection is guaranteed to use SSL.