We have a MySQL server, which is soon only accepting connections from the outside world, which are SSL encrypted.
We had a test run and got this exception:
ROOT:Error in <TMySQLServer::TMySQLServer>: Code: 3159 Msg: Connections using insecure transport are prohibited while --require_secure_transport=ON.
The error message:
Connections using insecure transport are prohibited while --require_secure_transport=ON
seems to come directly from the mysql C-API as we got the same message using the mysql command line interface and also using Python when deliberately switching ssl off.
Modern mysql clients enable encryption by default with a fallback to cleartext, older clients default to cleartext with the possibility to enable encryption with a command line parameter.
Now the question is: how can additional parameters to the connect call be provided.
As an example: we had a similar problem with Python. We create the connection using a 3rd party library called sqlalchemy, the call looked like this:
connection = create_engine('mysql://{user}:{password}@{host}/{database}')
And this call lead to the exact same error message. After some research we found, it is possible to provide an additional set of arguments, which is basically just forwarded to the MYSQL-C-API. So this:
connection = create_engine(
'mysql://{user}:{password}@{host}/{database}',
connect_args={'ssl': {'ssl-mode': 'preferred'}}
)
solved the problem for us in case of sqlalchemy. Does a similar possibility exist for TMySQLServer?