Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-17657

Inconsistent server and frontend DB SSL parameters

    XMLWordPrintable

    Details

    • Team:
      Team D
    • Sprint:
      Sprint 64 (May 2020), Sprint 65 (Jun 2020), Sprint 66 (Jul 2020), Sprint 67 (Aug 2020), Sprint 68 (Sep 2020), Sprint 69 (Oct 2020)

      Description

      Zabbix server has DBTLSConnect parameter which controls enable TLS or not and, additionally, level of SSL verification. It supports three values: required, verify_ca, verify_full.

      Zabbix web-interface has two checkboxes "TLS encryption" and "With host verification".
      The behaviour of these two options are not clear in comparison with Zabbix server configuration.

      Although "With host verification" does not make sense for MySQL database at all. It is not used in MySQL connection configuration. It is available only for PostgreSQL:

      include/classes/db/PostgresqlDbBackend.php:				'sslmode' => $this->tls_verify_host ? 'verify-full' : 'verify-ca',
      

      Anyway, PHP module for MySQL (mysqli) has two options:
      MYSQLI_CLIENT_SSL - Use SSL (encryption)
      MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT - Like MYSQLI_CLIENT_SSL, but disables validation of the provided SSL certificate. This is only for installations using MySQL Native Driver and MySQL 5.6 or later.

      So it is expected to have the same configuration view / options for server / proxy and web-interface + similar behaviour.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              mgeneralova Marina Generalova
              Reporter:
              dotneft Alexey Pustovalov
              Votes:
              2 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: