2.14 Ensure Only Approved Ciphers are Used - ssl_cipher

Information

MySQL supports multiple encryption ciphers. Ciphers can vary in strength, speed and overhead.

Rationale:

Requiring clients attempting to connect to MySQL to use strong ciphers protects data in transit.

Impact:

Connections attempting to use an unsupported cipher will fail.

Solution

Set ssl_cipher in the my.cnf to an approved cipher suite:

ssl_cipher='ECDHE-ECDSA-AES128-GCM-SHA256'

See Also

https://workbench.cisecurity.org/files/3844

Item Details

Category: SYSTEM AND SERVICES ACQUISITION

References: 800-53|SA-15, CSCv7|18.5

Plugin: MySQLDB

Control ID: ab51aca714d86a30bf8b4fee5ef170d144abeb4ae99288facbbe27674888635b