On Tue, 2023-10-31 at 23:09 +0100, Hartmut Holzgraefe via discuss wrote:
> On 31.10.23 22:45, Nick Lockheart via discuss wrote:
>
> > How can I get verbose messages about what is happening with TLS
> > (why is it being rejected)?
>
> unfortunately your best options are either to capture the initial TLS
> dialog packages and to analyze them with Wireshark, or to use the
> OpenSSL s_client tool to emulate a mysql protocol connection trying
> to switch to TLS:
>
> see e.g.: https://serverfault.com/a/931652
>

One thing that makes this particularly frustrating is that when
`require_secure_transport = on` is set on the master, I can still log in
remotely to the master computer from the slave computer manually, using
the same replication user:

    mariadb -h masterdomain.com -P 3306 -p'secret' -u rep_slave -v

    Welcome to the MariaDB monitor.  Commands end with ; or \g.
    Your MariaDB connection id is 191
    Server version: 10.5.21-MariaDB-0+deb11u1-log Debian 11

And it appears that TLS is working:

    MariaDB [(none)]> SHOW SESSION STATUS LIKE 'Ssl_cipher';
    +---------------+------------------------+
    | Variable_name | Value                  |
    +---------------+------------------------+
    | Ssl_cipher    | TLS_AES_256_GCM_SHA384 |
    +---------------+------------------------+
    1 row in set (0.023 sec)

But meanwhile, in the logs, I'm still seeing:

    "Access denied for user 'rep_slave'@'domain.com' (using password: YES)"

So it seems like TLS does work for the replication user, too, if I log
in manually from the command line (on the remote machine), but the same
user is failing (when TLS is enforced) as the automated replication
slave user.
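
For the packet-capture route suggested in the quoted reply, this added example (not part of the thread or of MariaDB's code) shows what to look for in the first two packets of a connection: whether the server greeting advertises the CLIENT_SSL capability, and whether the client answered with a bare 32-byte SSLRequest or went straight to a cleartext login. The function names are the example's own and the sample packets are constructed, not captured.

```python
import struct

CLIENT_SSL = 0x0800  # capability bit: peer can switch the connection to TLS

def split_packet(raw):
    """Return (sequence_id, payload) of one MySQL/MariaDB wire packet."""
    length = int.from_bytes(raw[:3], "little")
    payload = raw[4:4 + length]
    if len(raw) < 4 or len(payload) != length:
        raise ValueError("truncated packet")
    return raw[3], payload

def server_offers_tls(raw):
    """True if the server greeting (protocol v10) advertises CLIENT_SSL."""
    _, p = split_packet(raw)
    if p[:1] != b"\x0a":
        raise ValueError("not a protocol v10 greeting")
    ver_end = p.index(b"\x00", 1)      # server version is NUL-terminated
    off = ver_end + 1 + 4 + 8 + 1      # skip thread id, auth data part 1, filler
    (caps_low,) = struct.unpack_from("<H", p, off)
    return bool(caps_low & CLIENT_SSL)

def client_requested_tls(raw):
    """True if the client's first packet is a bare 32-byte SSLRequest with
    CLIENT_SSL set; False if it is a full cleartext login packet."""
    seq, p = split_packet(raw)
    if seq != 1 or len(p) < 32:
        raise ValueError("not a client handshake reply")
    (caps,) = struct.unpack_from("<I", p, 0)
    return len(p) == 32 and bool(caps & CLIENT_SSL)

# --- constructed sample packets (assumed values, not from a real capture) ---
def _packet(seq, payload):
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

def _greeting(caps_low):
    body = b"\x0a" + b"10.5.21-MariaDB\x00" + struct.pack("<I", 191) + b"ABCDEFGH\x00"
    body += struct.pack("<HBHHB", caps_low, 45, 2, 0x81FF, 21) + bytes(10)
    return _packet(0, body + b"IJKLMNOPQRST\x00mysql_native_password\x00")

def _client(caps, tail=b""):
    return _packet(1, struct.pack("<IIB", caps, 1 << 24, 45) + bytes(23) + tail)

GREETING_TLS, GREETING_NO_TLS = _greeting(0xFFFE), _greeting(0xF7FE)
SSL_REQUEST = _client(0x8A00)                          # CLIENT_SSL set, nothing else sent
PLAIN_LOGIN = _client(0x8200, b"rep_slave\x00\x00")    # user name visible in cleartext

if __name__ == "__main__":
    print(server_offers_tls(GREETING_TLS), client_requested_tls(SSL_REQUEST),
          client_requested_tls(PLAIN_LOGIN))
```

Feeding it the first server-to-client and client-to-server TCP payloads of both the manual session and the replication connection shows whether the two clients behave differently before authentication.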
