Information
MariaDB supports multiple encryption ciphers that can be used for TLS connections during replication. Ciphers can vary in strength, speed and overhead.
Rationale:
Requiring REPLICA servers to utilize strong ciphers when connecting to a PRIMARY server protects data in transit.
Impact:
If the PRIMARY and REPLICA servers do not have at least one cipher suite in common, replication will fail.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
To remediate this setting, you must use the CHANGE MASTER TO command with MASTER_SSL_CIPHER.
For example, run:
STOP REPLICA; -- required if replication was already running
CHANGE MASTER TO
MASTER_SSL_CIPHER='ECDHE-ECDSA-AES128-GCM-SHA256';
START REPLICA; -- required if you want to restart replication
Default Value:
Empty
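Since Nessus does not perform this check, the following added example (not part of the benchmark or of MariaDB) shows one way to audit the setting by reading the Master_SSL_Cipher field of SHOW REPLICA STATUS\G output. The helper name check_replica_cipher, the ALLOWED_CIPHERS variable and the sample status text are assumptions made for illustration; the default allowlist holds only the cipher from the remediation example.

```shell
#!/bin/sh
# Allowlist, colon-separated. Default is only the cipher from the remediation
# example above; the real list is site policy (assumption).
ALLOWED_CIPHERS="${ALLOWED_CIPHERS:-ECDHE-ECDSA-AES128-GCM-SHA256}"

# check_replica_cipher (hypothetical helper): reads SHOW REPLICA STATUS\G text
# on stdin and checks the first connection it finds.
# Returns 0 compliant, 1 empty (default), 2 cipher not allowed, 3 field missing.
check_replica_cipher() {
    line=$(grep -E '^[[:space:]]*Master_SSL_Cipher:' | head -n 1)
    if [ -z "$line" ]; then
        echo "UNKNOWN: no Master_SSL_Cipher field in input"
        return 3
    fi
    value=$(printf '%s\n' "$line" | sed -e 's/^[^:]*:[[:space:]]*//' -e 's/[[:space:]]*$//')
    if [ -z "$value" ]; then
        echo "FAIL: Master_SSL_Cipher is empty (default value)"
        return 1
    fi
    # The setting may hold a colon-separated list; every entry must be allowed.
    old_ifs=$IFS
    IFS=:
    for cipher in $value; do
        case ":$ALLOWED_CIPHERS:" in
            *":$cipher:"*) ;;
            *) IFS=$old_ifs
               echo "FAIL: cipher not in allowlist: $cipher"
               return 2 ;;
        esac
    done
    IFS=$old_ifs
    echo "PASS: $value"
    return 0
}

# Constructed sample of the relevant status fields (not captured output).
SAMPLE_STATUS='          Master_SSL_Allowed: Yes
           Master_SSL_Cipher: ECDHE-ECDSA-AES128-GCM-SHA256'

printf '%s\n' "$SAMPLE_STATUS" | check_replica_cipher
# Against a live replica: mariadb -e 'SHOW REPLICA STATUS\G' | check_replica_cipher
```

With multi-source replication, run the check once per connection, since only the first Master_SSL_Cipher field in the input is evaluated.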