doulan2827 2016-05-19 07:58
浏览 528
已采纳

如何知道与数据库的连接是否使用SSL

I'm using mysqli on PHP to connect to a mysql database. The database have open connection both with ssl and not. I have produced this code:

$db = mysqli_init();
$db->ssl_set(NULL, NULL,'rds-combined-ca-bundle.pem',NULL,NULL);
$db->real_connect($hostname,$username,$password,$database);
$res = $db->query('SHOW TABLES;');
print_r ($res);
$db->close();

The output I get it's pretty fine, I get what I want, but I don't understand if my connection is goin out with SSL or not. If I change the cert name to xyzrds-combined-ca-bundle.pem, it keeps working with no errors... so I guess it just switch on no-ssl when the cert fail.

Any clue on how I can know if I'm connected with SSL or not?

Thanks a lot

RESOLVED

Php code to check it is the following:

$db = mysqli_init();
$db->ssl_set(NULL, NULL,'rds-combined-ca-bundle.pem',NULL,NULL);
$db->real_connect($hostname,$username,$password,$database);
$res = $db->query("SHOW STATUS LIKE 'Ssl_cipher';");
while ( $row = $res->fetch_array() ) {
    print_r($row);
}
$db->close();

Result

if the Certificate is correctly used:

Array
(
    [0] => Ssl_cipher
    [Variable_name] => Ssl_cipher
    [1] => AES256-SHA
    [Value] => AES256-SHA
)

if you remove or miss the certificate, you'll get:

Array
(
    [0] => Ssl_cipher
    [Variable_name] => Ssl_cipher
    [1] =>
    [Value] =>
)
  • 写回答

2条回答 默认 最新

  • douzen1896 2016-05-19 08:48
    关注

    You can configure SSL for each client, so you can have SSL and NON SSL connections the same time.

    You can chech if SSL is configured by sending the following command: mysql> show variables like '%ssl%';

    The output should look like this:

    +---------------+----------------------------------+
    | Variable_name | Value                            |
    +---------------+----------------------------------+
    | have_openssl  | YES                              |
    | have_ssl      | YES                              |
    | ssl_ca        | /etc/mysql/ca-cert.pem           |
    | ssl_capath    |                                  |
    | ssl_cert      | /etc/mysql/server-cert.pem       |
    | ssl_cipher    |                                  |
    | ssl_key       | /etc/mysql/server-key.pem        |
    +---------------+----------------------------------+
    

    You can set the following configuration to your mYSQL user:

    REQUIRE X509: a valid SSL certificate must be used

    REQUIRE ISSUER / REQUIRE SUBJECT: a SSL certificate with specific ISSUER and/or SUBJECT must be used

    REQUIRE SSL: the connection is forced to use SSL, authentification can be done by password or valid SSL certificate

    With the following comamnd you can check the status of your connected clients:

    mysql> SHOW STATUS LIKE 'Ssl_cipher';

    Output should look like this:

    +---------------+--------------------+
    | Variable_name | Value              |
    +---------------+--------------------+
    | Ssl_cipher    | DHE-RSA-AES256-SHA | 
    +---------------+--------------------+
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 display:none;样式在嵌套结构中的已设置了display样式的元素上不起作用?
  • ¥15 arduino控制ps2手柄一直报错
  • ¥15 使用rabbitMQ 消息队列作为url源进行多线程爬取时,总有几个url没有处理的问题。
  • ¥15 求chat4.0解答一道线性规划题,用lingo编程运行,第一问要求写出数学模型和lingo语言编程模型,第二问第三问解答就行,我的ddl要到了谁来求了
  • ¥15 Ubuntu在安装序列比对软件STAR时出现报错如何解决
  • ¥50 树莓派安卓APK系统签名
  • ¥65 汇编语言除法溢出问题
  • ¥15 Visual Studio问题
  • ¥20 求一个html代码,有偿
  • ¥100 关于使用MATLAB中copularnd函数的问题