So I'm having a hard time verifying if my replication is encrypted.
I used tcpdump -X port 3306 >> file but didn't notice any difference between encrypted and non-encrypted traffic, although there was nothing really in plain text.
The show grants for the repl user has the REQUIRE SSL on it.
On master:
Grants for repl@192.168.1.% |
+---------------------------------------------------------------------------------------------------------------------------------------+
| GRANT REPLICATION SLAVE ON *.* TO 'repl'@'192.168.1.%' IDENTIFIED BY PASSWORD '******************' REQUIRE SSL |
mysql> show variables like '%ssl%';
+---------------+--------------------------------------------+
| Variable_name | Value |
+---------------+--------------------------------------------+
| have_openssl | YES |
| have_ssl | YES |
| ssl_ca | /etc/mysql/newcerts/ca-cert.pem |
| ssl_capath | |
| ssl_cert | /etc/mysql/newcerts/server-cert.pem |
| ssl_cipher | |
| ssl_key | /etc/mysql/newcerts/server-key.pem |
+---------------+--------------------------------------------+
However, the:
mysql> SHOW STATUS LIKE 'Ssl_cipher_list';
+-----------------+-------+
| Variable_name | Value |
+-----------------+-------+
| Ssl_cipher_list | |
+-----------------+-------+
I'm guessing this is normal being blank because the actual client is not encrypted. SHOW STATUS LIKE 'Ssl_cipher_list' doesn't have anything to do with the MySQL replication encryption, is this correct?
On slaves:
show slave status;
Master_SSL_Allowed: Yes
Master_SSL_CA_File: /etc/mysql/newcerts/ca-cert.pem
Master_SSL_CA_Path:
Master_SSL_Cert: /etc/mysql/newcerts/client-cert.pem
Master_SSL_Cipher:
Master_SSL_Key: /etc/mysql/newcerts/client-key.pem
Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
mysql> show variables like '%ssl%';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_openssl | YES |
| have_ssl | YES |
| ssl_ca | |
| ssl_capath | |
| ssl_cert | |
| ssl_cipher | |
| ssl_key | |
+---------------+-------+
Can someone confirm if the traffic between the slave and master replication is encrypted using the above info?
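One way to tell encrypted from unencrypted MySQL traffic in a port 3306 capture, given as an added example that is not part of the original post: inspect the first packet the client sends after the server greeting. It assumes the 4.1 handshake layout and that you already have the reassembled client-to-server bytes of one connection; the function names and the sample streams are constructed for illustration.

```python
import struct

CLIENT_SSL = 0x0800  # capability bit: client will switch to TLS after this packet

def read_packet(buf, off=0):
    """Return (seq, payload, next_offset) for one MySQL packet, or None if truncated."""
    if len(buf) < off + 4:
        return None
    length = int.from_bytes(buf[off:off + 3], "little")  # 3-byte little-endian length
    end = off + 4 + length
    if len(buf) < end:
        return None
    return buf[off + 3], buf[off + 4:end], end

def classify_client_stream(stream):
    """Classify the first client-to-server bytes of a connection (protocol 4.1 assumed)."""
    pkt = read_packet(stream)
    if pkt is None:
        return "unknown"
    seq, payload, nxt = pkt
    if seq != 1 or len(payload) < 32:
        return "unknown"              # capture did not start at the handshake
    caps = struct.unpack_from("<I", payload)[0]
    if not caps & CLIENT_SSL:
        return "plaintext"            # full login packet sent in the clear
    if len(payload) != 32:
        return "unknown"              # CLIENT_SSL set but not a bare SSLRequest
    rec = stream[nxt:nxt + 2]
    # A TLS handshake record starts with content type 0x16, major version 0x03.
    return "tls" if rec == b"\x16\x03" else "ssl-requested-unconfirmed"

def _pkt(seq, payload):
    """Prefix a payload with the 4-byte MySQL packet header."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

def _head(caps):
    """First 32 bytes of a client reply: flags, max packet size, charset, filler."""
    return struct.pack("<IIB", caps, 1 << 24, 33) + bytes(23)

# Constructed sample streams (not taken from the post's capture).
SAMPLE_TLS = _pkt(1, _head(0x8A00)) + b"\x16\x03\x01\x00\x2e" + bytes(46)
SAMPLE_PLAIN = _pkt(1, _head(0x8200) + b"repl\x00" + b"\x14" + bytes(20))
SAMPLE_CUT = _pkt(1, _head(0x8A00))  # SSLRequest seen, capture ends before TLS

if __name__ == "__main__":
    for name in ("SAMPLE_TLS", "SAMPLE_PLAIN", "SAMPLE_CUT"):
        print(name, "->", classify_client_stream(globals()[name]))
```

The handshake only happens when a connection is opened, so the capture has to include the moment the slave's I/O thread connects to the master; a dump of an already established replication stream returns "unknown".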