Having upgraded to PHP 5.6 lately, I have encountered problems with secure connections to MySQL. This concerns both mysqli and PDO.

Here are my settings:

mysqli:

    $db->ssl_set('/etc/mysql/certs/client-key.pem', '/etc/mysql/certs/client-cert.pem', '/etc/mysql/certs/ca-cert.pem', null, null);

PDO:

    array(
        PDO::MYSQL_ATTR_SSL_KEY  => '/path/to/client-key.pem',
        PDO::MYSQL_ATTR_SSL_CERT => '/path/to/client-cert.pem',
        PDO::MYSQL_ATTR_SSL_CA   => '/path/to/ca-cert.pem'
    )

First, the error "dh key too small".

Second, the error "certificate verify failed".

I'm using a self-signed certificate generated with OpenSSL according to a tutorial.

After doing some research I found answers to both problems:
1. Error "dh key too small"

Due to Logjam, the DH key size has to be larger than 768 bits, while MySQL's default size is 512 bits. (Note: this is fixed in MySQL 5.7.) You have to provide an appropriate cipher in the connection, e.g. CAMELLIA128-SHA.

mysqli:

    $db->ssl_set('/etc/mysql/certs/client-key.pem', '/etc/mysql/certs/client-cert.pem', '/etc/mysql/certs/ca-cert.pem', null, 'CAMELLIA128-SHA');

PDO:

    array(
        PDO::MYSQL_ATTR_SSL_KEY    => '/path/to/client-key.pem',
        PDO::MYSQL_ATTR_SSL_CERT   => '/path/to/client-cert.pem',
        PDO::MYSQL_ATTR_SSL_CA     => '/path/to/ca-cert.pem',
        PDO::MYSQL_ATTR_SSL_CIPHER => 'CAMELLIA128-SHA'
    )

2. Error "certificate verify failed"

When generating the certificates, you have to use the right "Common Name" for each one:

- CA: hostname
- Server: FQDN, e.g. hostname.example.com
- Client: somename

The important part is the server certificate, whose Common Name has to be the same as the host you are connecting to, e.g. hostname.example.com.
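The Common Name rules above can be checked before the certificates are deployed. The following is an added example, not part of the original post: it builds a throwaway CA, server and client certificate with those three names, verifies both against the CA, and compares the server certificate's CN with the host used in the connection. The `DB_HOST` value, the file names and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (constructed): throwaway CA, server and client certificates
# using the Common Names from the list above. DB_HOST and file names are assumed.
set -eu

DB_HOST="hostname.example.com"   # assumed: the host passed to mysqli/PDO

# make_certs DIR: create the CA plus signed server and client certificates.
make_certs() {
  dir=$1
  # Self-signed CA; its CN differs from the server and client CNs.
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=hostname" \
    -keyout "$dir/ca-key.pem" -out "$dir/ca-cert.pem" 2>/dev/null
  serial=1
  for pair in "server:$DB_HOST" "client:somename"; do
    name=${pair%%:*}; cn=${pair#*:}
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$cn" \
      -keyout "$dir/$name-key.pem" -out "$dir/$name-req.pem" 2>/dev/null
    openssl x509 -req -in "$dir/$name-req.pem" -days 365 -set_serial "$serial" \
      -CA "$dir/ca-cert.pem" -CAkey "$dir/ca-key.pem" \
      -out "$dir/$name-cert.pem" 2>/dev/null
    serial=$((serial + 1))
  done
}

# cert_cn FILE: print the Common Name of a certificate whose subject is CN only.
cert_cn() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
    sed 's/^subject= *CN=\([^,]*\).*/\1/'
}

# check_certs DIR HOST: succeed only if both certificates chain to the CA
# and the server certificate's CN equals HOST.
check_certs() {
  openssl verify -CAfile "$1/ca-cert.pem" \
    "$1/server-cert.pem" "$1/client-cert.pem" >/dev/null 2>&1 || return 1
  [ "$(cert_cn "$1/server-cert.pem")" = "$2" ]
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
make_certs "$workdir"
if check_certs "$workdir" "$DB_HOST"; then
  echo "OK: chain verifies and server CN matches $DB_HOST"
else
  echo "FAIL: expect \"certificate verify failed\" when connecting to $DB_HOST"
fi
```

To check existing files instead, call `check_certs` with the directory that holds `ca-cert.pem`, `server-cert.pem` and `client-cert.pem` and the host name from your connection settings.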