This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Mysql and encryption

0

Hi, I need to know whether or not my Mysql connection is actually being encrypted. Any suggestions as to how I would approach this. So far, I've been filtering on port 3306 and also filtering on my ip.addr but I'm not seeing anything that would indicate that my remote connection to Mysql is actually getting encrypted. Mysql is setup to use ssl. Thanks for any help. Mike

asked 13 Dec '10, 07:47

mikeg's gravatar image

mikeg
1112
accept rate: 0%

I converted the extra answers to comments, please have a look at :

http://ask.wireshark.org/questions/292/example-of-how-to-use-askwiresharkorg-and-how-not-to

to know why :-)

(14 Dec '10, 01:21) SYN-bit ♦♦

Thanks. I was unaware.

(15 Dec '10, 05:15) mikeg

One Answer:

0

You can verify if your mysql server supports ssl connection using the following query

SHOW VARIABLES LIKE 'have_ssl';

You should see something like this : +---------------+-------+ | Variable_name | Value | +---------------+-------+ | have_ssl | YES | +---------------+-------+

To validate whether your mysql server is working with ssl create a user that only accept ssl connections

CREATE USER johndoe;

grant select ON . to [email protected]'yourhost' identified by 'somepassword' REQUIRE SSL;

By succesfully connecting and quering data from the specified server

database > table 0 you would have validated that your ssl is correctly working

Hope this helps

Victor

Gazzang http://gazzang.com

answered 13 Dec '10, 15:44

Victor's gravatar image

Victor
1
accept rate: 0%

I can see the query under the mysql protocol but maybe that is the wrong level to be looking at. I don't know. Mike

(13 Dec '10, 08:20) mikeg

Victor, The database does support ssl and it is enabled. It doesn't work. No error messages, nothing to go on. One thing I'm not doing in this case is providing a client cert. I need to find a method that doesn't require a client cert. because I need a remote db connection for a webapp. The database server does not reside on the application server.

So, I'm trying to modify the Mysql connection string by adding the pair: encrypt=true. Using this method I can connect but don't know if the data is actually being encrypted. That's why I'm using Wireshark.

Last year, I setup MS Sqlserver with ssl and verified that the data was being encrypted using Wireshark.

Thanks for your response. Once I figure this out, I'll post my findings.

Mike

(13 Dec '10, 19:31) mikeg