doulan2827 2016-05-19 07:58
浏览 528
已采纳

如何知道与数据库的连接是否使用SSL

I'm using mysqli on PHP to connect to a mysql database. The database have open connection both with ssl and not. I have produced this code:

$db = mysqli_init();
$db->ssl_set(NULL, NULL,'rds-combined-ca-bundle.pem',NULL,NULL);
$db->real_connect($hostname,$username,$password,$database);
$res = $db->query('SHOW TABLES;');
print_r ($res);
$db->close();

The output I get it's pretty fine, I get what I want, but I don't understand if my connection is goin out with SSL or not. If I change the cert name to xyzrds-combined-ca-bundle.pem, it keeps working with no errors... so I guess it just switch on no-ssl when the cert fail.

Any clue on how I can know if I'm connected with SSL or not?

Thanks a lot

RESOLVED

Php code to check it is the following:

$db = mysqli_init();
$db->ssl_set(NULL, NULL,'rds-combined-ca-bundle.pem',NULL,NULL);
$db->real_connect($hostname,$username,$password,$database);
$res = $db->query("SHOW STATUS LIKE 'Ssl_cipher';");
while ( $row = $res->fetch_array() ) {
    print_r($row);
}
$db->close();

Result

if the Certificate is correctly used:

Array
(
    [0] => Ssl_cipher
    [Variable_name] => Ssl_cipher
    [1] => AES256-SHA
    [Value] => AES256-SHA
)

if you remove or miss the certificate, you'll get:

Array
(
    [0] => Ssl_cipher
    [Variable_name] => Ssl_cipher
    [1] =>
    [Value] =>
)
  • 写回答

2条回答 默认 最新

  • douzen1896 2016-05-19 08:48
    关注

    You can configure SSL for each client, so you can have SSL and NON SSL connections the same time.

    You can chech if SSL is configured by sending the following command: mysql> show variables like '%ssl%';

    The output should look like this:

    +---------------+----------------------------------+
| Variable_name | Value                            |
+---------------+----------------------------------+
| have_openssl  | YES                              |
| have_ssl      | YES                              |
| ssl_ca        | /etc/mysql/ca-cert.pem           |
| ssl_capath    |                                  |
| ssl_cert      | /etc/mysql/server-cert.pem       |
| ssl_cipher    |                                  |
| ssl_key       | /etc/mysql/server-key.pem        |
+---------------+----------------------------------+

    You can set the following configuration to your mYSQL user:

    REQUIRE X509: a valid SSL certificate must be used

    REQUIRE ISSUER / REQUIRE SUBJECT: a SSL certificate with specific ISSUER and/or SUBJECT must be used

    REQUIRE SSL: the connection is forced to use SSL, authentification can be done by password or valid SSL certificate

    With the following comamnd you can check the status of your connected clients:

    mysql> SHOW STATUS LIKE 'Ssl_cipher';

    Output should look like this:

    +---------------+--------------------+
| Variable_name | Value              |
+---------------+--------------------+
| Ssl_cipher    | DHE-RSA-AES256-SHA | 
+---------------+--------------------+
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 C#算法问题, 不知道怎么处理这个数据的转换
  • ¥15 YoloV5 第三方库的版本对照问题
  • ¥15 请完成下列相关问题!
  • ¥15 drone 推送镜像时候 purge: true 推送完毕后没有删除对应的镜像,手动拷贝到服务器执行结果正确在样才能让指令自动执行成功删除对应镜像,如何解决?
  • ¥15 求daily translation(DT)偏差订正方法的代码
  • ¥15 js调用html页面需要隐藏某个按钮
  • ¥15 ads仿真结果在圆图上是怎么读数的
  • ¥20 Cotex M3的调试和程序执行方式是什么样的?
  • ¥20 java项目连接sqlserver时报ssl相关错误
  • ¥15 一道python难题3