Hello,

I just started playing around with SSL enabled connections to the MySQL
server, and so far I got everything working except that the SSL_CIPHER
variable always stays empty.

First I created a CA cert+key pair, then both a MySQL Server and Client
cert+key pair, both signed by the CA cert.

I configured ca-cert, ssl-cert and ssl-key for the Server at
/etc/mysql/my.cnf and restarted the server. Now I checked whether SSL
support was enabled:

mysql> SHOW VARIABLES LIKE '%SSL%';
+---------------+------------------------------------+
| Variable_name | Value                              |
+---------------+------------------------------------+
| have_openssl  | YES                                | 
| have_ssl      | YES                                | 
| ssl_ca        | /etc/ssl/certs/ca.crt              | 
| ssl_capath    |                                    | 
| ssl_cert      | /etc/ssl/private/mysql-server.crt  | 
| ssl_cipher    |                                    | 
| ssl_key       | /etc/ssl/private/mysql-server.key  | 
+---------------+------------------------------------+

Now I limited MySQL remote connections for user 'jonas' to SSL:

mysql> GRANT ALL ON *.* TO jonas REQUIRE SUBJECT '...' AND ISSUER '...';

After first getting errors because of slightly wrong subject and issuer
strings, that one worked as well:

$ mysql -u jonas -p --host=<mysql-host> --skip-ssl
Enter password: 
ERROR 1045 (28000): Access denied for user 'jonas'@'<localhost>' (using password: YES)

$ mysql -u jonas -p --host=<mysql-host> --ssl-ca=ca.crt \
    --ssl-key=mysql-client.key --ssl-cert=mysql-client.crt
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 389
Server version: 5.0.51a-12-log (Debian)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.


So far everything works great.

But for some reason, the SSL connection doesn't have a Cipher set:

mysql> SHOW VARIABLES LIKE '%SSL%';
+---------------+------------------------------------+
| Variable_name | Value                              |
+---------------+------------------------------------+
| have_openssl  | YES                                | 
| have_ssl      | YES                                | 
| ssl_ca        | /etc/ssl/certs/ca.crt              | 
| ssl_capath    |                                    | 
| ssl_cert      | /etc/ssl/private/mysql-server.crt  | 
| ssl_cipher    |                                    | 
| ssl_key       | /etc/ssl/private/mysql-server.key  | 
+---------------+------------------------------------+
7 rows in set (0.01 sec)

Do you have any suggestions why that could be? I also tried setting the
cipher manually with --ssl-cipher=DHE-RSA-AES256-SHA, but that doesn't
help either. To be honest, I've no idea why the cipher is empty.

Thanks in advance for any help :-)

greetings,
 jonas

PS: please Cc me on replies as I'm not subscribed to the list.

-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/[EMAIL PROTECTED]
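
The post mentions errors caused by slightly wrong subject and issuer strings in the GRANT. As an added example (not part of the original post), this script reads both strings from a client certificate in OpenSSL's one-line `/C=.../CN=...` form and builds the GRANT from them. It assumes the server compares REQUIRE SUBJECT and ISSUER against that form; the function names, file names and DN values are constructed for the demo.

```shell
#!/bin/sh
# Added example: derive REQUIRE SUBJECT / ISSUER strings from the certificate
# itself instead of typing them by hand.

# Print a certificate DN in OpenSSL's one-line form (/C=../O=../CN=..).
# $1 = "subject" or "issuer", $2 = PEM certificate file
cert_dn() {
    # -nameopt compat selects the old one-line layout on current OpenSSL;
    # older releases print "subject= /C=..." with a space, so strip that too.
    openssl x509 -in "$2" -noout "-$1" -nameopt compat |
        sed -e "s/^$1= *//"
}

# Emit the GRANT statement for an account and its client certificate.
# Single quotes inside a DN are doubled so the SQL string stays well-formed.
# $1 = MySQL account, $2 = PEM client certificate
grant_for_cert() {
    subj=$(cert_dn subject "$2" | sed "s/'/''/g")
    iss=$(cert_dn issuer "$2" | sed "s/'/''/g")
    printf "GRANT ALL ON *.* TO %s REQUIRE SUBJECT '%s' AND ISSUER '%s';\n" \
        "$1" "$subj" "$iss"
}

# Build a throwaway CA and one CA-signed client certificate in directory $1.
# All names here are constructed sample values.
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/C=DE/O=Example/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes \
        -subj "/C=DE/O=Example/CN=jonas" \
        -keyout "$1/mysql-client.key" -out "$1/mysql-client.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/mysql-client.csr" -days 1 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/mysql-client.crt" 2>/dev/null
}

# Demo run: print the GRANT for the constructed client certificate.
demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
grant_for_cert jonas "$demo_dir/mysql-client.crt"
rm -rf "$demo_dir"
```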