Open philip-galera opened 9 years ago
I'm not sure about client to server encryption, but for replication, my wsrep_provider_options variable contains socket.ssl = YES.
Yes, this setting enables encryption between Galera nodes, however there is no status variable to show what type of encryption was negotiated.
There is no way to observe that SSL is in effect from the SQL side. Therefore, it will be difficult for tests and monitoring tools to confirm that the cluster has been properly secured. The only mention is in the error log, which is difficult to test and observe:
Instead,
SHOW STATUS
should display information such as: