doulan2827 2016-05-19 07:58
浏览 528
已采纳

如何知道与数据库的连接是否使用SSL

I'm using mysqli on PHP to connect to a mysql database. The database have open connection both with ssl and not. I have produced this code:

$db = mysqli_init();
$db->ssl_set(NULL, NULL,'rds-combined-ca-bundle.pem',NULL,NULL);
$db->real_connect($hostname,$username,$password,$database);
$res = $db->query('SHOW TABLES;');
print_r ($res);
$db->close();

The output I get it's pretty fine, I get what I want, but I don't understand if my connection is goin out with SSL or not. If I change the cert name to xyzrds-combined-ca-bundle.pem, it keeps working with no errors... so I guess it just switch on no-ssl when the cert fail.

Any clue on how I can know if I'm connected with SSL or not?

Thanks a lot

RESOLVED

Php code to check it is the following:

$db = mysqli_init();
$db->ssl_set(NULL, NULL,'rds-combined-ca-bundle.pem',NULL,NULL);
$db->real_connect($hostname,$username,$password,$database);
$res = $db->query("SHOW STATUS LIKE 'Ssl_cipher';");
while ( $row = $res->fetch_array() ) {
    print_r($row);
}
$db->close();

Result

if the Certificate is correctly used:

Array
(
    [0] => Ssl_cipher
    [Variable_name] => Ssl_cipher
    [1] => AES256-SHA
    [Value] => AES256-SHA
)

if you remove or miss the certificate, you'll get:

Array
(
    [0] => Ssl_cipher
    [Variable_name] => Ssl_cipher
    [1] =>
    [Value] =>
)
  • 写回答

2条回答 默认 最新

  • douzen1896 2016-05-19 08:48
    关注

    You can configure SSL for each client, so you can have SSL and NON SSL connections the same time.

    You can chech if SSL is configured by sending the following command: mysql> show variables like '%ssl%';

    The output should look like this:

    +---------------+----------------------------------+
    | Variable_name | Value                            |
    +---------------+----------------------------------+
    | have_openssl  | YES                              |
    | have_ssl      | YES                              |
    | ssl_ca        | /etc/mysql/ca-cert.pem           |
    | ssl_capath    |                                  |
    | ssl_cert      | /etc/mysql/server-cert.pem       |
    | ssl_cipher    |                                  |
    | ssl_key       | /etc/mysql/server-key.pem        |
    +---------------+----------------------------------+
    

    You can set the following configuration to your mYSQL user:

    REQUIRE X509: a valid SSL certificate must be used

    REQUIRE ISSUER / REQUIRE SUBJECT: a SSL certificate with specific ISSUER and/or SUBJECT must be used

    REQUIRE SSL: the connection is forced to use SSL, authentification can be done by password or valid SSL certificate

    With the following comamnd you can check the status of your connected clients:

    mysql> SHOW STATUS LIKE 'Ssl_cipher';

    Output should look like this:

    +---------------+--------------------+
    | Variable_name | Value              |
    +---------------+--------------------+
    | Ssl_cipher    | DHE-RSA-AES256-SHA | 
    +---------------+--------------------+
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥20 qt中connect两个signal
  • ¥20 pix2pixHD运行测试命令时出现数据类型错误无法反向传播的问题
  • ¥15 python处理Excel符合条件的行自动填写数据分类
  • ¥15 汇编hook举例并讲解(通俗易懂,学习用)
  • ¥20 用c++语言模拟键盘电子琴设计
  • ¥15 STM32cubemx生成keil工程,有问题与正常的情况不同,求解!
  • ¥15 如何自动点击银行app的安全键盘,实现密码自动输入
  • ¥15 关于四边形重叠的问题
  • ¥15 用verilog语言设计一个简易的八音符电子琴,可通过按键输入来控制音响。演奏时可以选择是手演奏(由键盘输入)或自动演奏已存入的乐曲。能够自动演奏多首乐曲,且每首乐曲可重复演奏
  • ¥15 sap gui脚本每次到导出Excel的时候就停住不动。不会另存为。