doulan2827 2016-05-19 07:58
浏览 529
已采纳

如何知道与数据库的连接是否使用SSL

I'm using mysqli on PHP to connect to a mysql database. The database have open connection both with ssl and not. I have produced this code:

$db = mysqli_init();
$db->ssl_set(NULL, NULL,'rds-combined-ca-bundle.pem',NULL,NULL);
$db->real_connect($hostname,$username,$password,$database);
$res = $db->query('SHOW TABLES;');
print_r ($res);
$db->close();

The output I get it's pretty fine, I get what I want, but I don't understand if my connection is goin out with SSL or not. If I change the cert name to xyzrds-combined-ca-bundle.pem, it keeps working with no errors... so I guess it just switch on no-ssl when the cert fail.

Any clue on how I can know if I'm connected with SSL or not?

Thanks a lot

RESOLVED

Php code to check it is the following:

$db = mysqli_init();
$db->ssl_set(NULL, NULL,'rds-combined-ca-bundle.pem',NULL,NULL);
$db->real_connect($hostname,$username,$password,$database);
$res = $db->query("SHOW STATUS LIKE 'Ssl_cipher';");
while ( $row = $res->fetch_array() ) {
    print_r($row);
}
$db->close();

Result

if the Certificate is correctly used:

Array
(
    [0] => Ssl_cipher
    [Variable_name] => Ssl_cipher
    [1] => AES256-SHA
    [Value] => AES256-SHA
)

if you remove or miss the certificate, you'll get:

Array
(
    [0] => Ssl_cipher
    [Variable_name] => Ssl_cipher
    [1] =>
    [Value] =>
)
  • 写回答

2条回答 默认 最新

  • douzen1896 2016-05-19 08:48
    关注

    You can configure SSL for each client, so you can have SSL and NON SSL connections the same time.

    You can chech if SSL is configured by sending the following command: mysql> show variables like '%ssl%';

    The output should look like this:

    +---------------+----------------------------------+
| Variable_name | Value                            |
+---------------+----------------------------------+
| have_openssl  | YES                              |
| have_ssl      | YES                              |
| ssl_ca        | /etc/mysql/ca-cert.pem           |
| ssl_capath    |                                  |
| ssl_cert      | /etc/mysql/server-cert.pem       |
| ssl_cipher    |                                  |
| ssl_key       | /etc/mysql/server-key.pem        |
+---------------+----------------------------------+

    You can set the following configuration to your mYSQL user:

    REQUIRE X509: a valid SSL certificate must be used

    REQUIRE ISSUER / REQUIRE SUBJECT: a SSL certificate with specific ISSUER and/or SUBJECT must be used

    REQUIRE SSL: the connection is forced to use SSL, authentification can be done by password or valid SSL certificate

    With the following comamnd you can check the status of your connected clients:

    mysql> SHOW STATUS LIKE 'Ssl_cipher';

    Output should look like this:

    +---------------+--------------------+
| Variable_name | Value              |
+---------------+--------------------+
| Ssl_cipher    | DHE-RSA-AES256-SHA | 
+---------------+--------------------+
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 Stata链式中介效应代码修改
  • ¥15 latex投稿显示click download
  • ¥15 请问读取环境变量文件失败是什么原因?
  • ¥15 在若依框架下实现人脸识别
  • ¥15 添加组件无法加载页面,某块加载卡住
  • ¥15 网络科学导论,网络控制
  • ¥100 安卓tv程序连接SQLSERVER2008问题
  • ¥15 利用Sentinel-2和Landsat8做一个水库的长时序NDVI的对比,为什么Snetinel-2计算的结果最小值特别小,而Lansat8就很平均
  • ¥15 metadata提取的PDF元数据,如何转换为一个Excel
  • ¥15 关于arduino编程toCharArray()函数的使用