4

Recently my DB team upgraded the DB for encrypted connections, and our portal, built using CodeIgniter 3, started throwing the error below.

Severity: Warning

Message: mysqli::real_connect(): (HY000/3159): Connections using insecure transport are prohibited while --require_secure_transport=ON.

Filename: mysqli/mysqli_driver.php

Line Number: 203

Before this change on the DB side, it was working fine. When I checked with the CodeIgniter forum, I was asked to check the link below.

https://forum.codeigniter.com/thread-77193-post-384725.html#pid384725 --> https://dev.mysql.com/doc/mysql-security-excerpt/8.0/en/using-encrypted-connections.html#using-encrypted-connections-client-side-configuration

We have two sites. One is built with Spring Boot (Java), which simply uses (useSSL=true), and it doesn't get those issues. But CodeIgniter started throwing the above error and I do not have a clue about it.

Other details: Codeigniter Version: 3.1.11 PHP 7.3.11

Below is my connection string on the CodeIgniter side.

$db['default'] = array(
    'dsn'   => '',
    'hostname' => 'dbhost',
    'username' => 'dbusername',
    'password' => 'password',
    'database' => 'dbname',
    'dbdriver' => 'mysqli',
    'dbprefix' => '',
    'pconnect' => FALSE,
    'db_debug' => (ENVIRONMENT !== 'production'),
    'cache_on' => FALSE,
    'cachedir' => '',
    'char_set' => 'utf8',
    'dbcollat' => 'utf8_general_ci',
    'swap_pre' => '',
    'encrypt' => FALSE,
    'compress' => FALSE,
    'stricton' => FALSE,
    'failover' => array(),
    'save_queries' => TRUE,
);

2 Answers

6

You need some more configuration to set your SSL keys on the MySQL connection. In the encrypt key, create an array and fill it with these keys/values.

'ssl_key' - Path to the private key file
'ssl_cert' - Path to the public key certificate file
'ssl_ca' - Path to the certificate authority file
'ssl_capath' - Path to a directory containing trusted CA certificates in PEM format
'ssl_cipher' - List of allowed ciphers to be used for the encryption, separated by colons (':')
'ssl_verify' - TRUE/FALSE; Whether to verify the server certificate or not ('mysqli' only)

1 Comment

If you have an SSL encrypted connection to your MySQL server, you should have SSL public and certification files (key). Contact your sysadmin, devops or hosting provider.
-3

I think I have figured it out. It was just expecting SSL_VERIFY => FALSE from me; then it connected to MySQL.

'encrypt' => [
    'ssl_verify' => FALSE
],

If I provide ssl_verify => TRUE, then it expects all the other parameters: ssl_key, ssl_cert and ssl_ca. In my case, it connected automatically to MySQL with ssl_verify => FALSE.

So SSL_VERIFY false means there is no client-side verification needed and hence no cert, CA and key path are required. So it again depends on how your DB has been configured. If it is configured to expect client-side verification, then you should pass SSL_VERIFY = TRUE with all the other details. But in my case, SSL_VERIFY = FALSE is fine. That could be why the Java application didn't face this problem either.

Thank you, everyone, for the support.

4 Comments

Disabling certificate checking opens you up to vulnerabilities. This is definitely not the recommended solution.
I think having an SSL certificate provides additional security. "For additional security, you can setup the client for a one-way (server or client) or two-way (server and client) SSL authentication, allowing the client or the server to authenticate each other's identity." Ref: dev.mysql.com/doc/connector-j/5.1/en/…
So it means that the server will not decrypt anything even if we pass ssl_verify = false? Having certificate details on the client side is just additional security.
Good sometimes for testing, if configuration or scheduling is an issue.
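
For comparison, an added example (not code from either answer or from CodeIgniter itself): the `encrypt` setting from the second answer next to one that keeps server certificate verification on, plus a query to confirm the session really is encrypted. The file paths and the helper name `db_tls_cipher` are assumptions, and it assumes the CA file alone is sufficient for your server.

```php
<?php
// --- application/config/database.php, placed after the existing $db['default'] array ---

// As posted in the second answer: TLS is negotiated, but the server certificate
// is not checked, so the client cannot tell the real server from an impostor
// sitting on the network path.
$encrypt_unverified = array(
    'ssl_verify' => FALSE,
);

// Verified TLS: accept only a server certificate issued by your CA.
// 'hostname' in $db['default'] must then be a name the server certificate
// was issued for, or verification fails.
$encrypt_verified = array(
    'ssl_ca'     => '/etc/ssl/mysql/ca.pem',  // placeholder path: CA that signed the server certificate
    'ssl_verify' => TRUE,
    // Only needed when the MySQL account requires a client certificate
    // (e.g. created with REQUIRE X509); both paths are placeholders:
    // 'ssl_key'  => '/etc/ssl/mysql/client-key.pem',
    // 'ssl_cert' => '/etc/ssl/mysql/client-cert.pem',
);

$db['default']['encrypt'] = $encrypt_verified;

// --- hypothetical helper, e.g. in application/helpers/ ---

// Returns the TLS cipher of the current MySQL session.
// An empty string means the connection is NOT encrypted.
function db_tls_cipher()
{
    $CI =& get_instance();
    $row = $CI->db
        ->query("SHOW SESSION STATUS LIKE 'Ssl_cipher'")
        ->row_array();

    return isset($row['Value']) ? $row['Value'] : '';
}
```

A non-empty cipher only proves the session is encrypted; it is the `ssl_ca` plus `ssl_verify => TRUE` pair that proves who is on the other end.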
