我在PHP上使用mysqli连接到mysql数据库。数据库与ssl都没有打开连接。 我已经制作了这段代码:
$db = mysqli_init();
$db->ssl_set(NULL, NULL,'rds-combined-ca-bundle.pem',NULL,NULL);
$db->real_connect($hostname,$username,$password,$database);
$res = $db->query('SHOW TABLES;');
print_r ($res);
$db->close();
我得到的输出非常好,我得到了我想要的东西,但我不明白我的连接是否与SSL结合。 如果我将证书名称更改为xyzrds-combined-ca-bundle.pem,它会继续正常工作...所以我猜它只是在证书失败时打开no-ssl。
有关我如何知道我是否与SSL连接的任何线索?
非常感谢
分辨
检查它的PHP代码如下:
$db = mysqli_init();
$db->ssl_set(NULL, NULL,'rds-combined-ca-bundle.pem',NULL,NULL);
$db->real_connect($hostname,$username,$password,$database);
$res = $db->query("SHOW STATUS LIKE 'Ssl_cipher';");
while ( $row = $res->fetch_array() ) {
print_r($row);
}
$db->close();
结果
如果正确使用证书:
Array
(
[0] => Ssl_cipher
[Variable_name] => Ssl_cipher
[1] => AES256-SHA
[Value] => AES256-SHA
)
如果您删除或遗漏证书,您将获得:
Array
(
[0] => Ssl_cipher
[Variable_name] => Ssl_cipher
[1] =>
[Value] =>
)
答案 0 :(得分:2)
基于this answer,这是一个快速代码,用于检查您的连接是否基于SSL:
$res = $mysqli->query("SHOW STATUS LIKE 'Ssl_cipher'");
$row = $res->fetch_assoc();
if(empty($row['value']))
{
echo 'No SSL';
}
答案 1 :(得分:0)
您可以为每个客户端配置SSL,这样您就可以同时拥有SSL和NON SSL连接。
您可以通过发送以下命令来配置SSL:mysql> show variables like '%ssl%';
输出应如下所示:
+---------------+----------------------------------+
| Variable_name | Value |
+---------------+----------------------------------+
| have_openssl | YES |
| have_ssl | YES |
| ssl_ca | /etc/mysql/ca-cert.pem |
| ssl_capath | |
| ssl_cert | /etc/mysql/server-cert.pem |
| ssl_cipher | |
| ssl_key | /etc/mysql/server-key.pem |
+---------------+----------------------------------+
您可以为mYSQL用户设置以下配置:
REQUIRE X509:
必须使用有效的SSL证书
REQUIRE ISSUER / REQUIRE SUBJECT:
必须使用具有特定ISSUER和/或SUBJECT的SSL证书
REQUIRE SSL:
强制连接使用SSL,可以通过密码或有效的SSL证书进行身份验证
使用以下comamnd,您可以检查已连接客户端的状态:
mysql> SHOW STATUS LIKE 'Ssl_cipher';
输出应如下所示:
+---------------+--------------------+
| Variable_name | Value |
+---------------+--------------------+
| Ssl_cipher | DHE-RSA-AES256-SHA |
+---------------+--------------------+
答案 2 :(得分:0)
如果您使用的是MySQL 5.7.5或更高版本,则可以use perfomance_schema
SELECT sbt.variable_value AS tls_version, t2.variable_value AS cipher,
processlist_user AS user, processlist_host AS host
FROM performance_schema.status_by_thread AS sbt
JOIN performance_schema.threads AS t ON t.thread_id = sbt.thread_id
JOIN performance_schema.status_by_thread AS t2 ON t2.thread_id = t.thread_id
WHERE sbt.variable_name = 'Ssl_version' AND t2.variable_name = 'Ssl_cipher'
ORDER BY tls_version
收益
+-------------+--------------------+------+---------------+
| tls_version | cipher | user | host |
+-------------+--------------------+------+---------------+
| TLSv1.1 | DHE-RSA-AES256-SHA | root | 192.168.1.100 |
+-------------+--------------------+------+---------------+