0

I'm using code from a demo program using Devart's MyDac component using Delphi 2009 to connect to a remote database using SSL.

I have made and verified the certificates and keys and set the connection parameters in MyDAC to use them eg

MyConnection.protocol := 'mpSSL';
MyConnection.SSLOptions.CACert := 'C:\ca-cert.pem';
MyConnection.SSLOptions.Cert := 'C:\client-cert.pem';
MyConnection.SSLOptions.Key := 'C:\client-key.pem';
MyConnection.SSLOptions.Chipherlist := 'All';

When I tell MyConnection to connect (after setting the user name / password etc) it connects to the database with no problems. However as a test I deliberately put in an invalid key name of 'C:\XXXclient-key.pem and it still connected OK so maybe it wasn't using SSL at all.

So my question is:

How can I use Delphi to detect if a connection is really using SSL or not?

user3209752
  • 619
  • 2
  • 17
  • 29
  • Do you use `TScSSLClient` component ? Because that one can tell you that by its [`IsSecure`](https://www.devart.com/sbridge/docs/index.html?tscsslclient_issecure.htm) property (at least according to the description). – TLama Jun 02 '15 at 10:40
  • To connect to MySQL server via SSL, you should set the TMyConnection.Options.Protocol property to mpSSL. Whether `MyConection.protokol = mpSSL` is equal to `MyConection.Options.protokol = mpSSL`? – Val Marinov Jun 02 '15 at 13:19
  • You can verify with the ‘status’ command once connected (note the SSL “cipher in use is DHE-RSA-AES256-SHA” means SSL is being used) http://www.chriscalender.com/tag/client-key-pem/ – Val Marinov Jun 02 '15 at 13:38
  • TLama - no, I'm using the demo from Devart, it uses just TMyConnection, TMySSLIOHandler and TScCryptoAPIStorage. (but the demos is over complex to show off and has no comments so you can't see what is necessary and what isn't). Val Marrinov - Yes I tried that. My question is not really about how to connect using SSL but how to confirm that the connection I have made really is using SSL or not. I can connect using what I THINK are the right SSL parameters but can't tell if it really is ssl. How do I use the 'status' command? is that a method of TMyConnection or are you referring to SQL? – user3209752 Jun 03 '15 at 07:33

1 Answers1

0

I think I'll close this question myself as it seem far more complex than I thought it was and I need much more information before this question makes sense. It appears that the sql statement;

SHOW STATUS LIKE 'Ssl_cipher'

can help as its value will be empty if its not using ssl or will contain an value if it is. The touble was the Mysql server I was using (ISP Nativespace) did not even have a variable name called Ssl_cipher so it looks like it doesn't support ssl anyway. Trying the same thing using another ISP I did see the variable name but it had no value, showing that was also not using ssl even I though it could do it.

It now appears that there is much more that needs doing before a ssl connection can be set up. Creating a new user on the db that only ever uses ssl, setting up permissions for them, running code on the server etc.

Not at all as simple as Devart's web page on securebridge leads one to believe!

"It is enough to place several components on the form and specify the server address and the user login information to establish a secure connection."

Err... not quite!

user3209752
  • 619
  • 2
  • 17
  • 29