How to check if MySQL replication is using SSL

Question

I have a MySQL (actually mariaDB) install that I just started replicating to another server. I want to ensure that I've setup SSL correctly. The SSL portion of SHOW SLAVE STATUS looks like:

Master_SSL_Allowed: Yes
Master_SSL_CA_File: /etc/mysql/newcerts/ca-cert.pem
Master_SSL_CA_Path: /etc/mysql/newcerts/
Master_SSL_Cert: /etc/mysql/newcerts/client-cert.pem
Master_SSL_Cipher:
Master_SSL_Key: /etc/mysql/newcerts/client-key.pem
Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No

Is this typical or show that replication is using SSL? Is there something else I can check to ensure it's using SSL? The slave is successfully replicating.

score 4 · Accepted Answer · answered Dec 21 '12 at 15:41

4

Inspect the relevant traffic with tcpdump/wireshark.

answered Dec 21 '12 at 15:41

rackandboneman

2,577
11
8

1

You know, there might be a better way, but there's something to be said about literally seeing it happening. It's reassuring. +1 – gparent Dec 21 '12 at 15:53
Agreed. TIL tcpdump. – nwalke Dec 21 '12 at 19:22

score 2 · Answer 2 · answered Dec 21 '12 at 19:39

2

Make sure the slave replication account has SSL requirements on it. Just because the master support SSL, doesn't mean the account is required to use it.

answered Dec 21 '12 at 19:39

thinice

4,716
21
38

Agreed and configured that way. – nwalke Dec 21 '12 at 20:45
Then, if the replication is actually working that should be enough, because the master wouldn't let the slave connect with SSL disabled. – Lætitia May 20 '13 at 12:20

How to check if MySQL replication is using SSL

2 Answers2