On Wed, 2023-11-01 at 10:26 +0300, Ivan Krylov via discuss wrote: > On Tue, 31 Oct 2023 17:45:47 -0400 > Nick Lockheart via discuss <[email protected]> wrote: > > > Replication master: > > Server version: 10.5.21-MariaDB-0+deb11u1-log Debian 11 > > > > Replication slave: > > Server version: 10.5.21-MariaDB-0+deb11u1 Debian 11 > > > > When `require_secure_transport = on` is enabled on the master, I > > get: > > > > "error reconnecting to master '[email protected]:3306' - retry-time: > > 10 > > maximum-retries: 86400 message: Access denied for user > > 'user'@'domain.com' (using password: YES)." > > Could it be that you need to manually enable TLS on the replica using > CHANGE MASTER TO MASTER_SSL=1; > <https://mariadb.com/kb/en/change-master-to/#tls-options>? Setting up > the path to the certificate authority and enabling verification is > also > a good idea (otherwise it's possible for the ISP to MITM the > connection > by posing as a MariaDB instance with a different host key). > > The "Connections using insecure transport are prohibited" error > message > only has been fixed in MariaDB 11.2; in 10.5.21 it would still be > "Access denied for user": https://github.com/MariaDB/server/pull/2581 >
Thank you, I had thought that TLS settings were taken from the [client- mariadb] block in the configuration file, but it seems that you have to specify the TLS settings in the CHANGE MASTER command. It is working now with TLS.
_______________________________________________ discuss mailing list -- [email protected] To unsubscribe send an email to [email protected]
