1. 首页
  2. 问答
  3. MySQL错误地允许未加密连接

MySQL错误地允许未加密连接

2012-08-12 68 views
1

我正在尝试配置MySQL 5.1.63,以便它只允许通过SSL进行远程连接。我可以确认连接在SSL上工作,但我似乎无法阻止未加密的连接。MySQL错误地允许未加密连接

我下面从MySQL文档中的说明,并运行以下命令:

CREATE USER 'a' IDENTIFIED BY 'a'; 
GRANT ALL ON *.* TO 'a' REQUIRE SSL; 
FLUSH PRIVILEGES;

然后,如果“protectme”是运行MySQL的电脑和我运行从远程计算机以下,

mysql -u a --password=a --host=protectme

它连接!我可以验证我连接的MySQL确实是“protectme”上的MySQL。良好的措施,我试图重新启动MySQL和确认用户在mysql.user表更新时间:

mysql> SELECT * FROM mysql.user WHERE User = "a"; 
+------+------+-------------------------------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+ 
| Host | User | Password         | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv | Show_db_priv | Super_priv | Create_tmp_table_priv | Lock_tables_priv | Execute_priv | Repl_slave_priv | Repl_client_priv | Create_view_priv | Show_view_priv | Create_routine_priv | Alter_routine_priv | Create_user_priv | Event_priv | Trigger_priv | ssl_type | ssl_cipher | x509_issuer | x509_subject | max_questions | max_updates | max_connections | max_user_connections | 
+------+------+-------------------------------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+ 
| % | a | *667F407DE7C6AD07358FA38DAED7828A72014B4E | Y   | Y   | Y   | Y   | Y   | Y   | Y   | Y    | Y   | Y   | N   | Y    | Y   | Y   | Y   | Y   | Y      | Y    | Y   | Y    | Y    | Y    | Y    | Y     | Y     | Y    | Y   | Y   | ANY  |   |    |    |    0 |   0 |    0 |     0 | 
+------+------+-------------------------------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+ 
1 row in set (0.00 sec)

有谁知道我做错了吗?互联网上没有其他人似乎有这个问题,但对我来说根本不起作用!非常感谢!

来源

2012-08-12 iloveponies

+1

一旦连接运行显示状态,如'Ssl_cipher';并确保它不是空的。是吗? – matthewnreid 2012-08-12 00:53:20

+0

嗨 - 值是“DHE-RSA-AES256-SHA”。 – iloveponies 2012-08-12 01:11:18

+1

是的,你通过SSL连接,它是加密的。 – matthewnreid 2012-08-12 01:11:59

回答

0

matthewnreid值得赞赏这个答案。谢谢!!

密钥和证书在my.cnf文件的mysql-client部分提供。正如matthewnreid所建议的,您可以通过查看ssl_cipher变量来诊断这一点。

来源

2012-08-12 02:35:19 iloveponies

相关问题

 相关问题