Is MySQL port 3306 encrypted, and if no, how can I encrypt it?
Solution 1
No, by default mysql traffic is not encrypted. Setting up MySQL to work with OpenSSL on a per-connection basis is your best bet. Most binaries are built with SSL support these days, but it's easy enough to check if your version will support it. From the documentation:
To check whether a server binary is compiled with SSL support, invoke it with the --ssl option. An error will occur if the server does not support SSL:
shell> mysqld --ssl --help 060525 14:18:52 [ERROR] mysqld: unknown option '--ssl'
Solution 2
By default MySQL does not encrypt its client/server communication:
You can setup MySQL to accept connections over SSL and require users to use SSL. Here's the guide for SSL setup:
MySQL 8:
- https://dev.mysql.com/doc/refman/8.0/en/security-guidelines.html
- https://dev.mysql.com/doc/refman/8.0/en/encrypted-connections.html
Related videos on Youtube
Stephen RC
Senior developer at Defiant / Wordfence, security analyst, Tolkien fan, and general geek.
Updated on September 18, 2022Comments
-
Stephen RC almost 2 years
I am working through a security audit for a system at my work and one of the requirements is to encrypt all traffic through public/unprotected networks. Since we are accessing the MySQL database (over port 3306) on one of our external servers from our office network, the connection to MySQL needs to be encrypted.
Is it already encrypted, and if not, how can I encrypt it?
I am using tools and scripts which can't use fancy SSH-port-forwards or VPNs... is it still possible?
-
CeD over 6 yearsJust for people bumping into this thread The doc is now (2018) at yet another link ; dev.mysql.com/doc/refman/5.7/en/encrypted-connections.html
-
-
JellicleCat over 9 yearsHyperlink is dead.
-
smhg over 9 yearsLink for v5.6: dev.mysql.com/doc/refman/5.6/en/ssl-connections.html (also updated above)
-
knocte about 8 yearsthe links are broken
-
Jesse Chisholm almost 4 yearsNew link now also dead. :(