MySQL in RDS not enforcing SSL even when require_secure_transport parameter is set to true

2

I have a MySQL instance in RDS and I have created a parameter group and set require_secure_transport parameter to 1. Since it's a dynamic parameter, I was expecting it to take effect automatically, but it didn't, even after 30 minutes. I tried restarting the database instance, even then when I connect from mysql CLI, it doesn't enforce. It just works fine without any SSL certificate. Where am I going wrong?

Thanks in advance.

6 Answers
0

Hello.
As you recognize, it is a dynamic parameter, so I don't think a restart is necessary.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/mysql-ssl-connections.html

Just to be sure, is the parameter group set in the RDS correct?
Are you editing different parameter groups?

EXPERT
answered 3 years ago
  • Yes, I have set the right parameter group in RDS. I have already used the same parameter group to change the timezone and restarted and it worked fine.

0

Hi,

According to the AWS documentation and MySQL documentation, you must set the require_secure_transport parameter value to ON (Not “1”) to require SSL/TLS for connections to your DB instance. Could you check it?

EXPERT
answered 3 years ago
  • Since it's a boolean data type, AWS console shows a list with two values 1 and 0. There is no way to enter value manually. And I assume, being boolean, 1 should mean ON or true.

0

I have the same issue, and I have also rebooted the RDS instance.

SSL is not enforced when require_secure_transport is set to 1 (which is ON).

answered 3 years ago
0

I am facing the same issue. Even for PostgreSQL as well. Has anyone found the solution?

answered 2 years ago
0

I am also facing the same issue. Even though the require_secure_transport = ON, I am able to connect to mysql without ssl-mode from my machine from command line. However, from the same machine, if I use DBeaver or a custom javascript program to connect to the same RDS without SSL, then I get the below error

Error connecting to the database: Error: Connections using insecure transport are prohibited while --require_secure_transport=ON

answered 2 years ago
0

I'm facing the same issue with Aurora MySQL 3.05.2 cluster. It does not require ssl when require_secure_transport = ON. It was working correctly in Aurora MySQL 2.11.5.

answered 2 years ago
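
One way to check whether the server really enforces TLS, given the difference reported above between the mysql CLI and clients configured without SSL (an added example, not part of the original thread or AWS documentation). It relies on the MySQL 5.7+/8.0 `mysql` client defaulting to `--ssl-mode=PREFERRED`, which negotiates TLS without any certificate being supplied, so the enforcement test has to force `--ssl-mode=DISABLED`. The host and user arguments, the `PLAINTEXT_OK` marker and the function names are assumptions made for the example; credentials are assumed to come from `~/.my.cnf` or a login path.

```shell
#!/bin/sh
# Added example: is require_secure_transport actually enforced?

# classify CIPHER PLAIN_OUTPUT
#   CIPHER       = Ssl_cipher of a session opened with default client options
#                  (empty string means that session was not encrypted)
#   PLAIN_OUTPUT = stdout+stderr of a session forced with --ssl-mode=DISABLED
classify() {
  case "$2" in
    *"insecure transport are prohibited"*)
      # Server refused the plaintext handshake: the parameter is in effect.
      echo "enforced: plaintext rejected; default session cipher=${1:-none}" ;;
    *PLAINTEXT_OK*)
      # The marker query ran over an unencrypted session.
      echo "not-enforced: server accepted a plaintext session" ;;
    *)
      # Network, auth or client-version problem: no conclusion either way.
      echo "inconclusive: $2" ;;
  esac
}

# probe HOST USER: run both connections against a live instance.
probe() {
  # Default options (ssl-mode=PREFERRED): report the negotiated cipher.
  cipher=$(mysql -h "$1" -u "$2" -N -B \
             -e "SHOW SESSION STATUS LIKE 'Ssl_cipher'" | cut -f2)
  # Forced plaintext: this is the connection the server must refuse.
  plain_out=$(mysql -h "$1" -u "$2" --ssl-mode=DISABLED -N -B \
                -e "SELECT 'PLAINTEXT_OK'" 2>&1)
  classify "$cipher" "$plain_out"
}

# Only contact a server when a host is given, e.g.:
#   ./check_tls.sh mydb.example.rds.amazonaws.com admin   (placeholder host)
if [ -n "${1:-}" ]; then
  probe "$1" "${2:-admin}"
fi
```

A non-empty cipher together with a rejected plaintext attempt means the CLI was using TLS all along and the parameter is working.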