http://www.mysqlkorea.co.kr

5.8.7.2. Using SSL Connections

 

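To use SSL connections between the MySQL server and client programs, your system must support either OpenSSL or (as of MySQL 5.0.10) yaSSL, and MySQL must be built with SSL support.

To make secure connections easier to use, MySQL is bundled with yaSSL. (MySQL and yaSSL use the same licensing model.) yaSSL is available on every system that MySQL supports.

To use OpenSSL with MySQL, follow the steps below:

1. Install the OpenSSL library. MySQL has been tested with OpenSSL 0.9.6. OpenSSL is available from http://www.openssl.org.

2. If you are not using a precompiled binary of MySQL that was built with SSL support, configure the MySQL source distribution to use SSL. To do this, invoke the configure script as follows: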

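shell> ./configure --with-ssl

This configures the distribution to use the bundled yaSSL library. To use OpenSSL instead of yaSSL, give the --with-ssl option the path to the directory that contains the OpenSSL header files and libraries: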

shell> ./configure --with-ssl=path

Before MySQL 5.1.11, you must use the appropriate option to select the SSL library that you want to use.

For yaSSL:

shell> ./configure --with-yassl

For OpenSSL:

shell> ./configure --with-openssl

On Unix platforms, yaSSL requires that /dev/urandom or /dev/random be available.

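3. Make sure that the grant tables have been upgraded so that the mysql.user table includes the SSL-related columns. The upgrade is necessary if your grant tables date from before MySQL 4.0.0. For the upgrade procedure, see Section 5.5.7, "mysql_upgrade — Check Tables for MySQL Upgrade".

4. To check whether a server binary was built with SSL support, invoke it with the --ssl option. If the server does not support SSL, an error occurs: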

shell> mysqld --ssl --help
060525 14:18:52 [ERROR] mysqld: unknown option '--ssl'

To check whether mysqld supports OpenSSL, examine the value of the have_openssl system variable:

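mysql> SHOW VARIABLES LIKE 'have_openssl';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_openssl  | YES   |
+---------------+-------+

If the value is YES, the server supports OpenSSL connections. If the value is DISABLED, the server supports SSL connections but was not started with the appropriate --ssl-xxx options.

To start the MySQL server so that clients can connect using SSL, use the options that identify the key and certificate files it needs: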

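shell> mysqld --ssl-ca=cacert.pem \
       --ssl-cert=server-cert.pem \
       --ssl-key=server-key.pem

  • --ssl-ca identifies the Certificate Authority (CA) certificate.
  • --ssl-cert identifies the server public key.
  • --ssl-key identifies the server private key.

If the account has no special SSL requirements, or was created with a GRANT statement that includes the REQUIRE SSL option, a client can connect securely using only the --ssl-ca option: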

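shell> mysql --ssl-ca=cacert.pem

To require that a client certificate also be presented, create the account with the REQUIRE X509 option. The client can then connect only if it also supplies the proper client key and certificate files: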

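shell> mysql --ssl-ca=cacert.pem \
       --ssl-cert=client-cert.pem \
       --ssl-key=client-key.pem

A client can tell whether its connection uses SSL by checking the Ssl_cipher status variable. The value of Ssl_cipher is non-empty if SSL is in use and empty otherwise. For example: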

mysql> SHOW STATUS LIKE 'Ssl_cipher';
+---------------+--------------------+
| Variable_name | Value              |
+---------------+--------------------+
| Ssl_cipher    | DHE-RSA-AES256-SHA |
+---------------+--------------------+

In the mysql client, use the STATUS or \s command and check the SSL line:

mysql> \s
...
SSL:                    Not in use
...

Or:

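mysql> \s
...
SSL:                    Cipher in use is DHE-RSA-AES256-SHA
...

To establish a secure connection from within an application program, call the mysql_ssl_set() C API function before calling mysql_real_connect(). After the connection is established, call mysql_get_ssl_cipher() to confirm that SSL is in use. A non-NULL return value names the SSL cipher used for encryption; if SSL is not in use, NULL is returned.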
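The three checks described above (have_openssl, Ssl_cipher and the SSL line of STATUS) can be scripted against captured mysql client output, for example to fail a deployment check when a session is unencrypted. This is an added example, not part of the MySQL manual; the function names and the sample captures are constructed for illustration.

```python
import re

# One data row of a mysql client result table: "| name | value |"
ROW = re.compile(r"^\|\s*(\S+)\s*\|\s*(.*?)\s*\|$")
STATUS_PREFIX = "Cipher in use is "

# Constructed sample captures, modelled on the outputs shown above.
ENCRYPTED_TABLE = """\
+---------------+--------------------+
| Variable_name | Value              |
+---------------+--------------------+
| Ssl_cipher    | DHE-RSA-AES256-SHA |
+---------------+--------------------+
"""
PLAINTEXT_STATUS = "...\nSSL:                    Not in use\n..."


def parse_table(text):
    """Return {name: value} for every data row, skipping the header row."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m and m.group(1) != "Variable_name":
            rows[m.group(1)] = m.group(2)
    return rows


def server_ssl_state(show_variables_output):
    """Map have_openssl to 'ready', 'not-configured' or 'unsupported'."""
    value = parse_table(show_variables_output).get("have_openssl", "").upper()
    if value == "YES":
        return "ready"
    if value == "DISABLED":  # SSL built in, but no --ssl-xxx options at startup
        return "not-configured"
    return "unsupported"     # assumption: any other value means no SSL support


def session_cipher(output):
    """Cipher of the session (table or STATUS output), or None if unencrypted."""
    rows = parse_table(output)
    if "Ssl_cipher" in rows:
        return rows["Ssl_cipher"] or None  # empty value: SSL not in use
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("SSL:"):
            state = line[4:].strip()
            if state.startswith(STATUS_PREFIX):
                return state[len(STATUS_PREFIX):]
    return None
```

A None result from session_cipher() on an account that is expected to use REQUIRE SSL or REQUIRE X509 means the client connected without the --ssl-ca option or the server was started without its --ssl-xxx options.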

 

2010-2011 ssebiz All Rights Reserved.