In recent Galera 4 versions, garbd silently ignores SSL options if you don't specify socket.ssl=yes
There is no indication whatsoever in the log that ssl options are being ignored.
I see this is a recurring problem causing a lot of time waste.
Ignored SSL options:
2022-08-09 09:44:38.731 INFO: protonet asio version 0
2022-08-09 09:44:38.731 INFO: Using CRC-32C for message checksums.
2022-08-09 09:44:38.731 INFO: backend: asio
Not Ignored SSL options:
2022-08-09 09:44:38.731 INFO: protonet asio version 0
2022-08-09 09:44:38.731 INFO: Using CRC-32C for message checksums.
*** 2022-08-09 09:44:38.731 INFO: initializing ssl context
*** 2022-08-09 09:44:38.731 INFO: SSL cipher list set to 'ECDHE-RSA-AES256-GCM-SHA384'
2022-08-09 09:44:38.731 INFO: backend: asio
In recent Galera 4 versions, garbd silently ignores SSL options if you don't specify socket.ssl=yes There is no indication whatsoever in the log that ssl options are being ignored. I see this is a recurring problem causing a lot of time waste.
Ignored SSL options:
Not Ignored SSL options:
Maybe it should be documented here: https://galeracluster.com/library/documentation/arbitrator.html
As far as I can tell the change that made the difference is this one: https://github.com/codership/galera/commit/43f29e67516004419c1f7536e8075cf054b7b6a9