MySQL, BCB6 ans SSL Connection

JonKerry · Post by **JonKerry** » Thu 23 Mar 2006 00:48

I have now managed to get the server and mydac up and running together but have found that when the ssl option is selected within mydac it doesn't actually encrypt the data.

I have tested with navicat and the certificates, user and ssl works fine (i am doing a tcpdump of the data flow) however, if i set the user to REQUIRE SSL in mysql then it wont allow me to connect and if I dont it is just plain text even though the mpSSL is selected.

at the moment i have...

Compress = False
Direct = False
Protocol = mpSSL

but this will not connect with a user that requires SSL

am I doing something wrong?

Ikar · Post by **Ikar** » Thu 23 Mar 2006 14:51

We are using MySQL server version 4.1.9 SSL (Windows).

Can you connect to this server in SSL mode using standard command-line mysql.exe client?

> if i set the user to REQUIRE SSL in mysql then it wont allow me to connect
> and if I dont it is just plain text even though the mpSSL is selected

This is standard client behavior - if it can't connect using SSL then it tries to connect without encryption.

> Direct = False
> MySQL API function is not linked.

Most possible, this is MySQL AB bug (http://bugs.mysql.com/bug.php?id=18195). Try to use, for example, 5.0.15 client libmysql.dll. If you specify your e-mail we will send it to you.

JonKerry · Post by **JonKerry** » Thu 23 Mar 2006 15:06

I am running mysql on a Linux server - will this make any difference to the above?

JonKerry · Post by **JonKerry** » Thu 23 Mar 2006 15:30

Ikar wrote:This is standard client behavior - if it can't connect using SSL then it tries to connect without encryption.

I seem to have found that it denies the connection if REQUIRE SSL is used which leads me to believe that SSL is not working within myDAC

Navicat has no problem at all using the same connection settings and certs

Ikar · Post by **Ikar** » Thu 23 Mar 2006 16:24

Navicat is a third-party tool, so we can't use it to analyze the problem. Can you connect using standard mysql.exe with SSL?

Ikar · Post by **Ikar** » Thu 23 Mar 2006 16:39

The client/server protocol is same, but it may have errors in implementation on any side.

JonKerry · Post by **JonKerry** » Thu 23 Mar 2006 16:55

I am slightly confused what do u mean by standard mysql.exe with SSL?

JonKerry · Post by **JonKerry** » Thu 23 Mar 2006 17:01

I think i have figured it out

on Fedora machine i have connected to mysql with --ssl-ca=/cacert.pem --ssl-cert=/client-cert.pem --ssl-key=/client-key.pem

This connected fine and when status is shown the SSL value shows...

Cipher in use is DHE-RSA-AES256-SHA

hope this helps

Ikar · Post by **Ikar** » Fri 24 Mar 2006 14:07

JonKerry wrote:I am slightly confused what do u mean by standard mysql.exe with SSL?

mysql.exe is a standard MySQL command-line client console. You will find it in MySQL for Windows distributive.

JonKerry · Post by **JonKerry** » Fri 24 Mar 2006 14:26

I am using Fedora but found the relevant program and did the test

The results are in my previous post

Ikar · Post by **Ikar** » Mon 27 Mar 2006 08:57

Please try just Windows version.

JonKerry · Post by **JonKerry** » Mon 27 Mar 2006 09:00

I dont understand why there is the requirement to try the windows version?

Should this be done on the client side connecting to the Linux Server?

As far as I was aware SSL was not available in a Windows Binary so I would need to re-compile on a windows server if that is what you are suggesting?

As far as I can see it works fine on Fedora so dont understand the requirement to test with windows.

Please could you explain

Many Thanks

david_labbe · Post by **david_labbe** » Mon 27 Mar 2006 09:40

JonKerry wrote:I dont understand why there is the requirement to try the windows version?

Should this be done on the client side connecting to the Linux Server?

As far as I was aware SSL was not available in a Windows Binary so I would need to re-compile on a windows server if that is what you are suggesting?

As far as I can see it works fine on Fedora so dont understand the requirement to test with windows.

Please could you explain

Many Thanks

I agree with you jon. It should work on the linux box. If you are interested however, MySQL has apparently now released a binary with SSL enabled for windows (too many users suggesting it should be built in). I haven't tried it yet but will soon do so. I also have to connect the app to a linux server but I found it interesting to have a mysql server running on my laptop. Quite convenient for testing purposes.
________
Alcohol Rehab Dicussion

JonKerry · Post by **JonKerry** » Mon 27 Mar 2006 09:51

From the advice given I have used a command line connection to my mysql server (fedora) and am able to connect using the ssl certs that have been created. To me this shows that the server is correctly configured for SSL. Why is there still the requirement to check with Windows?

Many Thanks

david_labbe · Post by **david_labbe** » Mon 27 Mar 2006 10:04

JonKerry wrote:From the advice given I have used a command line connection to my mysql server (fedora) and am able to connect using the ssl certs that have been created. To me this shows that the server is correctly configured for SSL. Why is there still the requirement to check with Windows?

Many Thanks

I agree with you. I just thought I would mention the MySQL release if and only if there was a need for you to have a win version of mysql running on your machine...

In the present case, I also do not see why a win version should be used to check... If you manage to connect to your linux mysql server with SSL, that should be sufficient to say it works and it is properly configured!
________
Gift cards