2.12 Ensure Only Approved Ciphers are Used

Information

MariaDB supports multiple encryption ciphers. Ciphers can vary in strength, speed and overhead.

Rationale:

Requiring clients attempting to connect to MariaDB to use strong ciphers protects data in transit.

Impact:

Connections attempting to use an unsupported cipher will fail.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Set ssl_cipher to one or more approved cipher suites in your MariaDB configuration file, then restart MariaDB.
For example, set:

ssl_cipher='ECDHE-ECDSA-AES128-GCM-SHA256'

Default Value:

None

See Also

https://workbench.cisecurity.org/benchmarks/16527

Item Details

Category: SYSTEM AND SERVICES ACQUISITION

References: 800-53|SA-15, CSCv7|18.5

Plugin: Unix

Control ID: 78c26a95adbb4399112728074aaab90342e29f0d0d5e5c54aa3f2fd045847c8a