By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Error creating an RDS Read replica when require_secure_transport is on

0

I have a MySQL RDS database that has TLS turned on via require_secure_transport. When I try to create a read replica off of it via the AWS console, it gets stuck at 'creating'

I connected to the database and ran 'show replica status' and saw

error connecting to master 'rdsrepladmin@###.###.###.###:3306' - retry-time: 60 retries: 1 message: Connections using insecure transport are prohibited while --require_secure_transport=ON.

is AWS not using TLS for replication? How do I get my replication to use TLS?

Topics
Migration & ModernizationAnalyticsDatabaseInternet of Things (IoT)
Tags
Amazon Relational Database ServiceDatabaseTransport Layer Security (TLS)
Language
English
Dave B
asked a year ago222 views
1 Answer
0

Check this official document! RDS MySQL supports a parameter for SSL that when set seems to be documented as being equivalent to MASTER_SSL=1, MASTER_SSL_VERIFY_SERVER_CERT=0.

ssl_encryption

A value that specifies whether Secure Socket Layer (SSL) encryption is used on the replication connection. 1 specifies to use SSL encryption, 0 specifies to not use encryption. The default is 0.

The MASTER_SSL_VERIFY_SERVER_CERT option isn't supported. This option is set to 0, which means that the connection is encrypted, but the certificates aren't verified.

profile picture
EXPERT
posquit0
answered a year ago
  • Dave B
    a year ago

    Hi there, that does look useful if I were trying to set up replication manually, but I don't think it applies. I'm attempting to create the replica via the AWS RDS UI Action 'Create Read Replica' I can't set that option there.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content