8.1 Ensure 'require_secure_transport' is Set to 'ON' and 'have_ssl' is Set to 'YES'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

All network traffic must use SSL/TLS when traveling over untrusted networks.

Rationale:

Enabling SSL/TLS will allow clients to encrypt network traffic and verify the identity of the server. SSL/TLS helps to prevent eavesdropping and man-in-the-middle attacks.

Impact:

Enabling SSL/TLS could have an impact on network traffic inspection.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Follow the procedures documented in the MariaDB KnowledgeBase to set up TLS.
In your MariaDB configuration file, enable require_secure_transport:

[mysqld]
require_secure_transport=ON

Default Value:

require_secure_transport is disabled (OFF, 0) by default. have_ssl defaults to DISABLED.
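
To confirm that a running server meets this control, compare both variables against the values named in the title. The shell check below is an added example, not part of the benchmark or the Nessus audit; the function name check_tls_vars and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Reads tab-separated "name<TAB>value" rows on stdin, as printed by:
#   mariadb -N -B -e "SHOW GLOBAL VARIABLES WHERE Variable_name IN ('require_secure_transport','have_ssl')"
# Prints one PASS/FAIL line per variable and returns 0 only if both match.
# check_tls_vars is a hypothetical helper name, not a MariaDB or Nessus tool.
check_tls_vars() {
    awk -F '\t' '
        BEGIN {
            n = split("require_secure_transport have_ssl", names, " ")
            split("ON YES", want, " ")
        }
        {
            key = tolower($1); val = toupper($2)
            gsub(/[ \r]+$/, "", val)        # tolerate trailing blanks / CR
            seen[key] = val
        }
        END {
            rc = 0
            for (i = 1; i <= n; i++) {
                k = names[i]
                if (!(k in seen)) {
                    # A variable the server did not report is a failure, not a pass.
                    printf "FAIL %s: not reported by server\n", k; rc = 1
                } else if (seen[k] != want[i]) {
                    printf "FAIL %s=%s (expected %s)\n", k, seen[k], want[i]; rc = 1
                } else {
                    printf "PASS %s=%s\n", k, seen[k]
                }
            }
            exit rc
        }'
}

# Constructed sample rows (not captured from a real server):
# the documented defaults, and a server configured per this control.
DEFAULT_ROWS=$(printf 'have_ssl\tDISABLED\nrequire_secure_transport\tOFF\n')
HARDENED_ROWS=$(printf 'have_ssl\tYES\nrequire_secure_transport\tON\n')

printf '%s\n' "$DEFAULT_ROWS" | check_tls_vars || echo "default configuration: non-compliant"
printf '%s\n' "$HARDENED_ROWS" | check_tls_vars && echo "hardened configuration: compliant"
```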

See Also

https://workbench.cisecurity.org/benchmarks/12270