  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-3313

Implement support for TLS on MySQL connections

    Details

      Description

      Zabbix does not currently have support for TLS on MySQL connections between the Server/Proxy and the database. This would be desirable for increased security in cloud environments, such as Amazon Web Services (Amazon RDS offers TLS but Zabbix does not have a way to take advantage of it).

      MySQL TLS docs:

      http://dev.mysql.com/doc/refman/5.5/en/secure-connections.html
      http://dev.mysql.com/doc/refman/5.5/en/mysql-ssl-set.html

      I have attached a patch for 2.2.13 that adds this support. I am happy to patch 2.4.8 and 3.0.3 once I get some feedback on code style/acceptance.

      Patch Testing:

      I have successfully compiled this patch against MySQL client library version 5.5, and verified that with the new configuration parameters in place the connection uses TLS (using MySQL's ability to 'REQUIRE SSL' on user accounts). Testing was done with self-signed certificates. Using the same self-signed certificate for both sides (certificate and CA) connects; using a different certificate for each side does not connect (valid behavior). Proxy and Server both behave as desired. I also tested that --with-sqlite3 vs --with-mysql still functions as expected with this patch in place.


              People

              • Assignee: Unassigned
              • Reporter: dasterin Scott Buettner
              • Votes: 3
              • Watchers: 8

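The server-side half of the check described under Patch Testing, as an added example that is not part of the original issue or the attached patch: it audits which accounts may still connect in plaintext, applies 'REQUIRE SSL' to the monitoring account, and shows how to confirm a session is encrypted. The account name `zabbix`, the host pattern `10.0.0.%` and the MySQL 5.5-era GRANT syntax are assumptions.

```sql
-- Added example. Account name and host pattern are assumed placeholders;
-- the account is assumed to exist already. MySQL 5.5-era syntax.

-- 1. Confirm the server has TLS enabled.
--    have_ssl = YES      -> TLS is available for connections
--    have_ssl = DISABLED -> compiled in, but the server was started
--                           without its certificate/key options
SHOW VARIABLES LIKE 'have_ssl';
SHOW VARIABLES LIKE 'ssl_ca';
SHOW VARIABLES LIKE 'ssl_cert';

-- 2. Audit accounts that can still authenticate over plaintext.
--    ssl_type: '' = no requirement, ANY = REQUIRE SSL,
--              X509 / SPECIFIED = client certificate required.
SELECT user, host, ssl_type
  FROM mysql.user
 WHERE ssl_type = ''
 ORDER BY user, host;

-- 3. Make the server refuse unencrypted logins for the monitoring account.
--    GRANT USAGE changes only the TLS requirement, not the privileges.
GRANT USAGE ON *.* TO 'zabbix'@'10.0.0.%' REQUIRE SSL;

--    Stricter alternative: also demand a client certificate that
--    validates against the server's ssl_ca.
-- GRANT USAGE ON *.* TO 'zabbix'@'10.0.0.%' REQUIRE X509;

-- 4. Confirm the requirement was recorded.
SHOW GRANTS FOR 'zabbix'@'10.0.0.%';
SELECT user, host, ssl_type
  FROM mysql.user
 WHERE user = 'zabbix';

-- 5. Run from a session logged in as that account (for example with the
--    mysql client and the same certificate files). A non-empty value
--    means the session is encrypted. These status variables describe
--    only the session that runs the query, so for the Server/Proxy the
--    evidence is that its login succeeds while REQUIRE SSL is in force.
SHOW SESSION STATUS LIKE 'Ssl_cipher';
SHOW SESSION STATUS LIKE 'Ssl_version';
```

'REQUIRE SSL' enforces encryption from the server side only; whether the client validates the server's certificate depends on the CA and verification options the client passes to the MySQL library.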