-
New Feature Request
-
Resolution: Duplicate
-
Minor
-
None
-
2.2.13, 2.4.8, 3.0.3
-
MySQL
Zabbix does not currently have support for TLS on MySQL connections between the Server/Proxy and the database. This would be desirable for increased security in cloud environments, such as Amazon Web Services (Amazon RDS offers TLS but Zabbix does not have a way to take advantage of it).
MySQL TLS docs:
http://dev.mysql.com/doc/refman/5.5/en/secure-connections.html
http://dev.mysql.com/doc/refman/5.5/en/mysql-ssl-set.html
I have attached a patch for 2.2.13 that adds this support. I am happy to patch 2.4.8 and 3.0.3 once I get some feedback on code style/acceptance.
Patch Testing:
I have successfully compiled this patch against MySQL client library version 5.5, and verified that with the new configuration parameters in place the connection uses TLS (using MySQL's ability to 'REQUIRE SSL' on user accounts). Testing was done with self-signed certificates. Using the same self-signed certificate for both sides (certificate and CA) connects, using a different certificate for each side does not connect (valid behavior). Proxy and Server both behave as desired. I also tested that --with-sqlite3 vs --with-mysql still functions as expected with this patch in place.
- duplicates
-
ZBXNEXT-2753 Add support for using SSL when connecting to database (backend)
- Closed