After setting up my NFA servers to use TLS communication for mysql how do I verify if Mysql is actually using TLS?
search cancel

After setting up my NFA servers to use TLS communication for mysql how do I verify if Mysql is actually using TLS?

book

Article ID: 13952

calendar_today

Updated On:

Products

Network Flow Analysis

Issue/Introduction

Beginning with NFA 9.3.6, you can configure Mysql to communicate using TLS by following the steps in the links below:

Generate or Configure Certificates for Use by CA Network Flow Analysis

Enable TLS for CA Network Flow Analysis Data

 

 



After setting up my NFA servers to use TLS communication for mysql how do I verify if Mysql is actually using TLS?

Environment

NFA 9.3.6 or later.

Resolution

1. Login to mysql on the server you wish to check the TLS version enabled within mysql by opening a command prompt and running "mysql".

 

2. Once logged in to mysql run the query below on all servers that you wish to check to see if TLS has een enabled.

SELECT sbt.variable_value AS tls_version,  t2.variable_value AS cipher, processlist_user AS user, processlist_host AS host FROM performance_schema.status_by_thread  AS sbt JOIN performance_schema.threads AS t ON t.thread_id = sbt.thread_id JOIN performance_schema.status_by_thread AS t2 ON t2.thread_id = t.thread_id WHERE sbt.variable_name = 'Ssl_version' and t2.variable_name = 'Ssl_cipher' ORDER BY tls_version;

 

3. The results for a server running TLS 1.2 look like below, notice the tld_version column:




4. The results for a server with no encryption configured for mysql  would look like below:



Powered by Wolken Software