ã“ã®ã‚¨ãƒ³ãƒˆãƒªã¯MySQL Casual Advent Calendar 2015ã®3日目ã§ã™ã€‚
ã§ã€ã“ã‚Œã§ã™ã€‚
ã–ã£ã¨èª¿ã¹ãŸæ„Ÿã˜ã ã¨ã€openssl 1.0.1eã‚ãŸã‚Šã‹ã‚‰Diffie-Hellman (DH) key length 1024bit以上をè¦æ±‚ã™ã‚‹ã‚ˆã†ã«ãªã£ãŸã‹ãªã‚“ã‹ã§ã€MySQLãŒ512bitã¨ã‹ã„ã†ã‹ãªã‚ŠçŸã„key lengthを使ã£ã¦ã‚‹ã›ã„ã§opensslã«æ€’られる感ã˜ã‚‰ã—ã„。
MySQL 5.7ã‹ã‚‰ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆsslオプションãŒæœ‰åŠ¹ãªã®ã§RDSã¨ã‹ã¿ãŸã„ãªSSL接続å—ã‘付ã‘ã¦ã‚‹ãƒ›ã‚¹ãƒˆã«5.7ã®ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§ãらã§æŽ¥ç¶šã—よã†ã¨ã™ã‚‹ã¨ã‚³ã‚±ã‚‹ã£ã½ã„。
$ mysql --help
...
--ssl If set to ON, this option enforces that SSL is
established before client attempts to authenticate to the
server. To disable client SSL capabilities use --ssl=OFF.
(Defaults to on; use --skip-ssl to disable.)
...
https://bugs.mysql.com/bug.php?id=77275 を見る㨠mysql/mysql-server/commit/866b988 ã§ç›´ã—ãŸçš„ãªã“ã¨ãŒæ›¸ã„ã¦ã‚ã‚‹ã‘ã©ã€Homebrewã§å…¥ã‚‹ãƒã‚¤ãƒŠãƒªã ã¨ãƒ€ãƒ¡ã£ã½ã„ã‚“ã§ã€ã¨ã‚Šã‚ãˆãšDHを使ã‚ãªã„cipher suite(DEFAULTã§ã‚‚大丈夫ã§ã—ãŸ)を指定ã—ã¦å›žé¿ã§ãるよã†ã§ã™ã€‚
$ mysql --ssl-cipher='DEFUALT' -u kamipo -h mysql-casual.rds.amazonaws.com
以上ã€å…¥ç¤¾ã‚¨ãƒ³ãƒˆãƒªä»¥æ¥ã²ã•ã—ã¶ã‚Šã«ãƒ–ãƒã‚°æ›¸ã„ãŸðŸ˜Š
