
MySQL Incorrectly Allowing Unencrypted Connections

I am trying to configure MySQL 5.1.63 so that it allows remote connections only over SSL. I can confirm that connections work over SSL; however, I can't seem to prevent unencrypted connections.

I am following the instructions from the MySQL documentation, and running the following:

CREATE USER 'a' IDENTIFIED BY 'a';
GRANT ALL ON *.* TO 'a' REQUIRE SSL;
FLUSH PRIVILEGES;

Then, if "protectme" is the computer running MySQL and I run the following from a remote computer,

mysql -u a --password=a --host=protectme

it connects! I can verify that the MySQL I am connecting to is indeed the MySQL on "protectme". For good measure, I have tried restarting MySQL, and confirming that the user is updated in the mysql.user table:

mysql> SELECT * FROM mysql.user WHERE User = "a";
+------+------+-------------------------------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+
| Host | User | Password                                  | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv | Show_db_priv | Super_priv | Create_tmp_table_priv | Lock_tables_priv | Execute_priv | Repl_slave_priv | Repl_client_priv | Create_view_priv | Show_view_priv | Create_routine_priv | Alter_routine_priv | Create_user_priv | Event_priv | Trigger_priv | ssl_type | ssl_cipher | x509_issuer | x509_subject | max_questions | max_updates | max_connections | max_user_connections |
+------+------+-------------------------------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+
| %    | a    | *667F407DE7C6AD07358FA38DAED7828A72014B4E | Y           | Y           | Y           | Y           | Y           | Y         | Y           | Y             | Y            | Y         | N          | Y               | Y          | Y          | Y            | Y          | Y                     | Y                | Y            | Y               | Y                | Y                | Y              | Y                   | Y                  | Y                | Y          | Y            | ANY      |            |             |              |             0 |           0 |               0 |                    0 |
+------+------+-------------------------------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+
1 row in set (0.00 sec)

Does anyone know what I'm doing wrong? Nobody else on the Internet seems to be having this problem, but it's not working at all for me! Thanks so much!

matthewnreid deserves credit for this answer. Thank you!!

The key and certificate were provided in the mysql-client section of my my.cnf file. You can diagnose this by looking at the ssl_cipher variable, as matthewnreid suggested.
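The situation in the answer above can be checked offline. This is an added example, not code from the original post: it scans option-file text for SSL options in the groups the mysql command-line client reads, which is how a plain `mysql -u a ...` ends up encrypted without any `--ssl-*` flag. It assumes the section in question is `[client]` or `[mysql]`; the function name, sample file and paths are constructed for illustration.

```python
# Added example: find SSL options the mysql CLI picks up silently from my.cnf.
CLIENT_GROUPS = {"client", "mysql"}  # option groups read by the mysql client
TLS_OPTIONS = {"ssl", "ssl-ca", "ssl-capath", "ssl-cert", "ssl-cipher", "ssl-key"}

# Constructed sample: server-side and client-side SSL settings in one file.
SAMPLE_CNF = """\
[mysqld]
ssl-ca=/etc/mysql/ca-cert.pem
ssl-cert=/etc/mysql/server-cert.pem
ssl-key=/etc/mysql/server-key.pem

[client]
# constructed paths
ssl_cert = /etc/mysql/client-cert.pem
ssl-key  = /etc/mysql/client-key.pem  # key for user a
port = 3306
"""

def implicit_tls_options(cnf_text, groups=CLIENT_GROUPS):
    """Return [(group, option, value)] for SSL options in client-side groups."""
    found = []
    group = None
    for raw in cnf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":  # blank, comment, !include directive
            continue
        if line.startswith("[") and "]" in line:
            group = line[1:line.index("]")].strip().lower()
            continue
        if group not in groups:
            continue
        name, _, value = line.partition("=")
        # Option files accept ssl_key and ssl-key alike, plus a loose- prefix.
        name = name.strip().lower().replace("_", "-")
        if name.startswith("loose-"):
            name = name[len("loose-"):]
        value = value.split("#", 1)[0].strip().strip("'\"")
        if name in TLS_OPTIONS:
            found.append((group, name, value))
    return found

if __name__ == "__main__":
    for group, name, value in implicit_tls_options(SAMPLE_CNF):
        print(f"[{group}] {name} = {value}")
```

On a live session, `SHOW STATUS LIKE 'Ssl_cipher';` returns an empty value when the connection is unencrypted. To test that `REQUIRE SSL` rejects plaintext logins, connect from a client whose option files carry none of these settings.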
