
I am connecting to a GCP Cloud SQL instance using the SQL proxy.

As per my understanding, when using the SQL proxy, connections are encrypted and the proxy manages SSL for users. https://security.stackexchange.com/questions/151795/how-does-google-sql-proxy-work

But when I run the "status" query after successfully connecting to the Cloud SQL instance through the proxy, it shows:

SSL: Not in use

Is that expected behavior?

I have tried googling the Google Cloud docs and Stack Overflow, but that did not help.

Note: I am not providing SSL certificates explicitly. When I try to explicitly give SSL certs, it gives a DB connection error, "server does not support SSL", but without the SQL proxy it works fine and status also shows SSL is being used.

Sachin G.

1 Answer


This is expected behavior. The SQL proxy works like a VPN, which means that each connection to SQL instances (without SSL certs) travels within a secure tunnel (using TLS 1.2 with a 128-bit AES cipher; SSL certificates are used to verify client and server identities), but when these connections reach the instances on the Google network, they appear without SSL encryption on the instance side.

The SQL proxy tunnel only encrypts your connections from your network to your GCP project network.

In this document you can find more information about Proxy SQL and how it keeps your connections secure.

Regarding your note, you can set the SSL certificates explicitly without the Proxy, or you can let Proxy SQL handle the SSL certificates, as mentioned in this document, but the two cases are mutually exclusive.

Jan Hernandez
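A check that captures the distinction described in the answer above, as an added example that is not part of the original question or answer: it reads the mysql client's `status` output and separates "SSL: Not in use" on a loopback or UNIX-socket connection (the local hop to the proxy) from the same line on a direct remote connection. The sample outputs are constructed, the function names are hypothetical, and it assumes the local listener is the Cloud SQL proxy, which this script cannot verify.

```python
import ipaddress
import re

# Constructed `status` excerpts (sample data, not from the original post).
VIA_PROXY_TCP = "SSL:\t\t\tNot in use\nConnection:\t\t127.0.0.1 via TCP/IP\n"
VIA_PROXY_SOCKET = "SSL:\t\t\tNot in use\nConnection:\t\tLocalhost via UNIX socket\n"
DIRECT_TLS = ("SSL:\t\t\tCipher in use is ECDHE-RSA-AES128-GCM-SHA256\n"
              "Connection:\t\t203.0.113.10 via TCP/IP\n")
DIRECT_PLAIN = "SSL:\t\t\tNot in use\nConnection:\t\t203.0.113.10 via TCP/IP\n"

def parse_status(text):
    """Return the 'Name: value' fields of a `status` dump as a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([^:]+):\s*(.*)$", line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields

def is_local_endpoint(connection):
    """True when the client socket stays on this host (loopback or UNIX socket)."""
    parts = connection.split()
    if not parts:
        return False
    if "unix socket" in connection.lower() or parts[0].lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(parts[0]).is_loopback
    except ValueError:
        return False  # a hostname we cannot classify without DNS

def classify(text):
    """Classify a session from its SSL and Connection status fields."""
    f = parse_status(text)
    if "SSL" not in f or "Connection" not in f:
        return "unknown"
    if f["SSL"].lower().startswith("cipher in use"):
        return "mysql-tls"            # TLS negotiated by the MySQL session itself
    if is_local_endpoint(f["Connection"]):
        # Assumption: the local listener is the Cloud SQL proxy, which
        # encrypts the onward leg; MySQL itself sees no TLS on this hop.
        return "local-hop-plaintext"
    return "remote-plaintext"         # unencrypted on the network: investigate

if __name__ == "__main__":
    for name in ("VIA_PROXY_TCP", "VIA_PROXY_SOCKET", "DIRECT_TLS", "DIRECT_PLAIN"):
        print(f"{name}: {classify(globals()[name])}")
```

Only the `remote-plaintext` result indicates traffic crossing the network without encryption; `local-hop-plaintext` is the case the question observed.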