Due to circumstances beyond my control (mgmt), my RT instances will be moved
from their present isolated network into the mainstream with other corporate
devices. As I don’t want any sniffers that might exist on the wire to inspect
my traffic to/from the database servers, I’m looking at using the SSL
encryption feature…but I don’t know what incantations need to be used for the
front-end RT instance to successfully communicate.
If this is explained in a FAQ or manual somewhere, please point me to it.
Gabriel Cadieux <gcadieux securetechnologies.ca> writes:
OpenSSL is far from what I’d call a “custom” software solution lol
push management a little, sometimes they actually give in
-gabe
If it isn’t in the “Known support lexicon” </end corpspeak>,
then it’s a “custom” solution and requires singing/dancing/alms/blood to
implement. Otoh, if I use an existing capability of the MySQL server and a
(hopefully) simple modification to RT it doesn’t register on the “not from
around here” meter.
<weird breaks are for my posting client’s requirements>
It can be made to work. It is not stable. You will wake up one day
wondering why mysql connections are dying. You will google the error
messages and find all sorts of info on MySQL mailing lists showing
that many others have the same problem. Then you too will recompile
MySQL without SSL support and revert to stunnel.
Which you should have done in the first place, as others have already
suggested.
It is not a “custom” solution, it’s a very common and most excellent
tool used for this purpose.
On mysql clients, I bind stunnel to 127.0.0.10?. Increment the last
digit for each MySQL server your client wants to connect to. On the
mysql server, bind MySQL to the loopback IP and stunnel listens on the
network interface and proxies the request to it.
Matt
On Sep 30, 2008, at 7:23 AM, simon jester wrote:
Due to circumstances beyond my control (mgmt), my RT instances will be moved
from their present isolated network into the mainstream with other corporate
devices. As I don’t want any sniffers that might exist on the wire to inspect
my traffic to/from the database servers, I’m looking at using the SSL
encryption feature…but I don’t know what incantations need to be used for the
front-end RT instance to successfully communicate.
If this is explained in a FAQ or manual somewhere, please point me to it.
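The stunnel layout described in Matt's reply, written out as configuration. This is an added example, not taken from the thread: the addresses, file paths, service names and hostname are placeholders, and the option names are those of stunnel 5.x (older 4.x releases use `verify = 2` with `CAfile` instead of `verifyChain`/`checkHost`).

```ini
; Three separate files are shown in one listing; split them where marked.

; ---- DB server: my.cnf ----
; MySQL listens on loopback only, so it is never reachable unencrypted.
[mysqld]
bind-address = 127.0.0.1
port = 3306

; ---- DB server: stunnel.conf ----
; stunnel owns the network-facing port and forwards to loopback MySQL.
; 192.0.2.10 stands in for the server's LAN address.
cert = /etc/stunnel/db1.pem
key = /etc/stunnel/db1.key

[mysql]
accept = 192.0.2.10:3306
connect = 127.0.0.1:3306

; ---- RT host: stunnel.conf ----
; One service per database server, each on its own loopback address
; (127.0.0.101, 127.0.0.102, ...), as in the reply above.
; Without CAfile/verifyChain/checkHost the tunnel is encrypted but the
; server is not authenticated, which stops passive sniffing only and
; leaves the link open to an active man-in-the-middle.
[mysql-db1]
client = yes
accept = 127.0.0.101:3306
connect = 192.0.2.10:3306
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
checkHost = db1.example.com

; ---- RT host: RT_SiteConfig.pm (Perl, shown here as comments) ----
; Set($DatabaseHost, '127.0.0.101');
; Set($DatabasePort, '3306');
```

With this layout MySQL sees every tunnelled connection as coming from 127.0.0.1, so the RT database account's grants have to match that host rather than the RT server's address.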