{"id":2904,"date":"2014-04-17T13:25:10","date_gmt":"2014-04-17T18:25:10","guid":{"rendered":"http:\/\/www.bytebot.net\/blog\/?p=2904"},"modified":"2014-04-17T13:25:10","modified_gmt":"2014-04-17T18:25:10","slug":"ssl-and-mariadbmysql","status":"publish","type":"post","link":"http:\/\/www.bytebot.net\/blog\/archives\/2014\/04\/17\/ssl-and-mariadbmysql","title":{"rendered":"SSL and MariaDB\/MySQL"},"content":{"rendered":"<p>With the recent <a href=\"http:\/\/heartbleed.com\/\">Heartbleed<\/a> bug, people are clearly more interested in their MariaDB\/MySQL running with SSL and if they have problems. First up, you should read the advisory notes: <a href=\"https:\/\/mariadb.com\/blog\/openssl-heartbleed-security-update\">MariaDB<\/a>, <a href=\"http:\/\/www.percona.com\/ceo-customer-advisory-heartbleed\">Percona Server<\/a> (<a href=\"http:\/\/www.mysqlperformanceblog.com\/2014\/04\/14\/advisory-heartbleed-cve-2014-0160-perconas-customers-users\/\">blog<\/a>), and <a href=\"http:\/\/www.oracle.com\/technetwork\/topics\/security\/opensslheartbleedcve-2014-0160-2188454.html\">MySQL<\/a>\u00a0(<a href=\"https:\/\/blogs.oracle.com\/security\/entry\/april_2014_critical_patch_update\">blog<\/a>).<\/p>\n<p>Next, when you install MariaDB (or a variant) you are usually <i>dynamically linked<\/i> to the OpenSSL library that the system provides. Typically on startup of MariaDB 10.0.10 on CentOS 6.5 (packages from the <a href=\"https:\/\/downloads.mariadb.org\/mariadb\/repositories\">MariaDB repository<\/a>), you can check what your status of SSL is.<\/p>\n<pre>\nMariaDB [(none)]> show variables like 'have_ssl';\n+---------------+----------+\n| Variable_name | Value    |\n+---------------+----------+\n| have_ssl      | DISABLED |\n+---------------+----------+\n1 row in set (0.00 sec)\n<\/pre>\n<p>This means that SSL options are compiled, but <tt>mysqld<\/tt> didn&#8217;t start with it. You can verify SSL is linked dynamically:<\/p>\n<pre>\nldd `which mysqld` | grep ssl\n\tlibssl.so.10 => \/usr\/lib64\/libssl.so.10 (0x00007ff82d1b1000)\n<\/pre>\n<p>If you are running with SSL enabled (some <a href=\"https:\/\/dev.mysql.com\/doc\/refman\/5.5\/en\/configuring-for-ssl.html\">documentation<\/a> at MySQL) you will have different options naturally. You can do this via: <tt>\/etc\/init.d\/mysql start --ssl<\/tt>. Output now changes:<\/p>\n<pre>\nMariaDB [(none)]> show variables like 'have_ssl';\n+---------------+-------+\n| Variable_name | Value |\n+---------------+-------+\n| have_ssl      | YES   |\n+---------------+-------+\n1 row in set (0.00 sec)\n<\/pre>\n<p>The value NO will be displayed if the server is <strong>not compiled<\/strong> with SSL support. See <a href=\"https:\/\/mariadb.com\/kb\/en\/ssl-server-system-variables\/#have_ssl\">SSL Server System Variables<\/a> for more.<\/p>\n<div class=\"sharedaddy sd-sharing-enabled\"><div class=\"robots-nocontent sd-block sd-social sd-social-icon-text sd-sharing\"><h3 class=\"sd-title\">Share this:<\/h3><div class=\"sd-content\"><ul><li class=\"share-email\"><a rel=\"nofollow noopener noreferrer\" data-shared=\"\" class=\"share-email sd-button share-icon\" href=\"mailto:?subject=%5BShared%20Post%5D%20SSL%20and%20MariaDB%2FMySQL&body=http%3A%2F%2Fwww.bytebot.net%2Fblog%2Farchives%2F2014%2F04%2F17%2Fssl-and-mariadbmysql&share=email\" target=\"_blank\" title=\"Click to email a link to a friend\" data-email-share-error-title=\"Do you have email set up?\" data-email-share-error-text=\"If you&#039;re having problems sharing via email, you might not have email set up for your browser. You may need to create a new email yourself.\" data-email-share-nonce=\"9159b05744\" data-email-share-track-url=\"http:\/\/www.bytebot.net\/blog\/archives\/2014\/04\/17\/ssl-and-mariadbmysql?share=email\"><span>Email<\/span><\/a><\/li><li class=\"share-facebook\"><a rel=\"nofollow noopener noreferrer\" data-shared=\"sharing-facebook-2904\" class=\"share-facebook sd-button share-icon\" href=\"http:\/\/www.bytebot.net\/blog\/archives\/2014\/04\/17\/ssl-and-mariadbmysql?share=facebook\" target=\"_blank\" title=\"Click to share on Facebook\" ><span>Facebook<\/span><\/a><\/li><li class=\"share-linkedin\"><a rel=\"nofollow noopener noreferrer\" data-shared=\"sharing-linkedin-2904\" class=\"share-linkedin sd-button share-icon\" href=\"http:\/\/www.bytebot.net\/blog\/archives\/2014\/04\/17\/ssl-and-mariadbmysql?share=linkedin\" target=\"_blank\" title=\"Click to share on LinkedIn\" ><span>LinkedIn<\/span><\/a><\/li><li class=\"share-twitter\"><a rel=\"nofollow noopener noreferrer\" data-shared=\"sharing-twitter-2904\" class=\"share-twitter sd-button share-icon\" href=\"http:\/\/www.bytebot.net\/blog\/archives\/2014\/04\/17\/ssl-and-mariadbmysql?share=twitter\" target=\"_blank\" title=\"Click to share on Twitter\" ><span>Twitter<\/span><\/a><\/li><li class=\"share-end\"><\/li><\/ul><\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>With the recent Heartbleed bug, people are clearly more interested in their MariaDB\/MySQL running with SSL and if they have problems. First up, you should read the advisory notes: MariaDB, Percona Server (blog), and MySQL\u00a0(blog). Next, when you install MariaDB (or a variant) you are usually dynamically linked to the OpenSSL library that the system [&hellip;]<\/p>\n<div class=\"sharedaddy sd-sharing-enabled\"><div class=\"robots-nocontent sd-block sd-social sd-social-icon-text sd-sharing\"><h3 class=\"sd-title\">Share this:<\/h3><div class=\"sd-content\"><ul><li class=\"share-email\"><a rel=\"nofollow noopener noreferrer\" data-shared=\"\" class=\"share-email sd-button share-icon\" href=\"mailto:?subject=%5BShared%20Post%5D%20SSL%20and%20MariaDB%2FMySQL&body=http%3A%2F%2Fwww.bytebot.net%2Fblog%2Farchives%2F2014%2F04%2F17%2Fssl-and-mariadbmysql&share=email\" target=\"_blank\" title=\"Click to email a link to a friend\" data-email-share-error-title=\"Do you have email set up?\" data-email-share-error-text=\"If you&#039;re having problems sharing via email, you might not have email set up for your browser. You may need to create a new email yourself.\" data-email-share-nonce=\"9159b05744\" data-email-share-track-url=\"http:\/\/www.bytebot.net\/blog\/archives\/2014\/04\/17\/ssl-and-mariadbmysql?share=email\"><span>Email<\/span><\/a><\/li><li class=\"share-facebook\"><a rel=\"nofollow noopener noreferrer\" data-shared=\"sharing-facebook-2904\" class=\"share-facebook sd-button share-icon\" href=\"http:\/\/www.bytebot.net\/blog\/archives\/2014\/04\/17\/ssl-and-mariadbmysql?share=facebook\" target=\"_blank\" title=\"Click to share on Facebook\" ><span>Facebook<\/span><\/a><\/li><li class=\"share-linkedin\"><a rel=\"nofollow noopener noreferrer\" data-shared=\"sharing-linkedin-2904\" class=\"share-linkedin sd-button share-icon\" href=\"http:\/\/www.bytebot.net\/blog\/archives\/2014\/04\/17\/ssl-and-mariadbmysql?share=linkedin\" target=\"_blank\" title=\"Click to share on LinkedIn\" ><span>LinkedIn<\/span><\/a><\/li><li class=\"share-twitter\"><a rel=\"nofollow noopener noreferrer\" data-shared=\"sharing-twitter-2904\" class=\"share-twitter sd-button share-icon\" href=\"http:\/\/www.bytebot.net\/blog\/archives\/2014\/04\/17\/ssl-and-mariadbmysql?share=twitter\" target=\"_blank\" title=\"Click to share on Twitter\" ><span>Twitter<\/span><\/a><\/li><li class=\"share-end\"><\/li><\/ul><\/div><\/div><\/div>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_options":[]},"categories":[1064,23],"tags":[1052,1775,48,1376,1656],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p4vJD-KQ","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":3134,"url":"http:\/\/www.bytebot.net\/blog\/archives\/2015\/11\/29\/voting-for-the-percona-live-data-performance-conference-2016","url_meta":{"origin":2904,"position":0},"title":"Voting for talks at the Percona Live Data Performance Conference 2016","date":"29\/11\/2015","format":false,"excerpt":"So this year the Percona Live conference has a new name \u2013 it is the \u201cData Performance Conference\u201d (presumably for a much broader appeal and the fact that Percona is now in the MongoDB world as well). And the next new thing to note? You have to go through a\u2026","rel":"","context":"In &quot;MariaDB&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2743,"url":"http:\/\/www.bytebot.net\/blog\/archives\/2013\/06\/11\/homebrew-mac-os-x-and-mariadb-10-0-series","url_meta":{"origin":2904,"position":1},"title":"Homebrew (Mac OS X) and MariaDB 10.0 series","date":"11\/6\/2013","format":false,"excerpt":"Today I performed a brew update. I noticed that MariaDB now exists as stable (5.5.30) and devel (10.0.2). Brew formulas also exist for MySQL (5.6.10) and Percona Server (5.5.30-30.2) now. 10.0.3 is around the corner but I wanted to run 10.0.2 now. This is how I did it: brew unlink\u2026","rel":"","context":"In &quot;MariaDB&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2295,"url":"http:\/\/www.bytebot.net\/blog\/archives\/2012\/02\/05\/replication-features-of-2011-by-sergey-petrunia","url_meta":{"origin":2904,"position":2},"title":"Replication features of 2011 by Sergey Petrunia","date":"5\/2\/2012","format":false,"excerpt":"Sergey Petrunia of the\u00a0MariaDB project & Monty Program. MySQL 5.5 GA at the end of 2010. MariaDB 5.3 RC towards the end of 2011 (beta in June 2011). MySQL 5.5 is merged to Percona Server 5.5 which included semi-sync replication, slave fsync options, atuomatic relay log recovery, RBR slave type\u2026","rel":"","context":"In &quot;MariaDB&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2335,"url":"http:\/\/www.bytebot.net\/blog\/archives\/2012\/03\/22\/mariadb-at-percona-live-santa-clara","url_meta":{"origin":2904,"position":3},"title":"MariaDB at Percona Live Santa Clara","date":"22\/3\/2012","format":false,"excerpt":"I for one can say that I'm truly excited that MariaDB will be part of Percona Live Santa Clara. The MariaDB session list includes: A tutorial: Improving MySQL\/MariaDB query performance through optimizer tuning by\u00a0Timour Katchaounov and\u00a0Sergey Petrunia. You can benefit from this even as a stock MySQL user naturally. MySQL\u2026","rel":"","context":"In &quot;MariaDB&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3275,"url":"http:\/\/www.bytebot.net\/blog\/archives\/2016\/08\/17\/whats-next","url_meta":{"origin":2904,"position":4},"title":"What&#8217;s next","date":"17\/8\/2016","format":false,"excerpt":"I received an overwhelming number of comments when I said I was leaving MariaDB Corporation. Thank you - it is really nice to be appreciated. I haven't left the MySQL ecosystem. In fact, I've joined Percona as their Chief Evangelist in the CTO Office, and I'm going to focus on\u2026","rel":"","context":"In &quot;MariaDB&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2735,"url":"http:\/\/www.bytebot.net\/blog\/archives\/2013\/06\/01\/percona-has-more-mariadb-features-now","url_meta":{"origin":2904,"position":5},"title":"Percona has more MariaDB features now","date":"1\/6\/2013","format":false,"excerpt":"Lately more people ask me for comparisons between Percona Server & MariaDB. There isn't a definitive blow-by-blow feature comparison yet, but it'll come soon. All that said, its great to see new features from MariaDB make it into Percona Server. The features that I've managed to track: group commit for\u2026","rel":"","context":"In &quot;MariaDB&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/posts\/2904"}],"collection":[{"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/comments?post=2904"}],"version-history":[{"count":1,"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/posts\/2904\/revisions"}],"predecessor-version":[{"id":2905,"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/posts\/2904\/revisions\/2905"}],"wp:attachment":[{"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/media?parent=2904"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/categories?post=2904"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/tags?post=2904"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}