2

I am connecting to a MySQL instance hosted on AWS from a seperate AWS EC2 server that is running NodeJS on Express.

Here are my connection settings:

var connection = mysql.createConnection({
    host: '<mydatabase>.rds.amazonaws.com',
    user: '<user>',
    password: '<password>',
    database: '<db_name>',
    ssl: 'Amazon RDS',
});

And I run the file using node db_test.js and it returns a SQL query just fine. How can I verify that it is making use of the ssl: 'Amazon RDS' line and it is actually secure?

tim_d
  • 133
  • 2
  • 11

1 Answers1

2

use this query :

let sql= "show status like 'Ssl_version'";

and check the output 

connection.query(sql, function (err, result) {})

Official docs says

SSL options

The ssl option in the connection options takes a string or an object. When given a string, it uses one of the predefined SSL profiles included.The following profiles are included: - "Amazon RDS": this profile is for connecting to an Amazon RDS server and contains the certificates from https://rds.amazonaws.com/doc/rds-ssl-ca-cert.pem and https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem

So, I think you can not use ssl:{rejectUnauthorized:true}

But you can always set this process.env.NODE_TLS_REJECT_UNAUTHORIZED = 1.It does the same thing. So when you set this option you will get TLS authorization error if you provide invalid rds SSL profile and won't be able to connect to DB

You can read this as well: https://medium.com/soluto-nashville/best-security-practices-for-amazon-rds-with-sequelize-600a8b497804

Sandeep Patel
  • 4,815
  • 3
  • 21
  • 37