# Data-in-Transit Encryption

Protect your data as it moves across the network with Data-in-Transit Encryption. By leveraging the TLS (Transport Layer Security) protocol, MariaDB ensures that credentials, queries, and result sets are encrypted between the client and server. This prevents "man-in-the-middle" attacks and unauthorized eavesdropping on sensitive information.

This guide covers the essentials of securing your network traffic—from configuring SSL certificates and private keys to enforcing secure connections for all users. Secure your communications layer to maintain data integrity and confidentiality in any environment.

{% columns %}
{% column %}
{% content-ref url="/pages/CdGzeEaebRkcJA773yew" %}
[Secure Connections Overview](/docs/server/security/encryption/data-in-transit-encryption/secure-connections-overview.md)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
Conceptual overview of data-in-transit encryption in MariaDB, discussing supported TLS libraries (OpenSSL, wolfSSL), protocol versions (`tls_version`), and certificate verification.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="/pages/11QwGDapCrLHfmYSiTAu" %}
[Securing Connections for Client and Server](/docs/server/security/encryption/data-in-transit-encryption/securing-connections-for-client-and-server.md)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
Complete MariaDB security guide. Complete resource for user management, access control, SSL/TLS encryption, and audit policies with comprehensive examples.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="/pages/6vavCr1jEmahMKqKD7RW" %}
[Enabling TLS on MariaDB Server](/docs/server/security/encryption/data-in-transit-encryption/data-in-transit-encryption-enabling-tls-on-mariadb-server.md)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
Secure, automatic SSL in MariaDB 11.4+, which is enabled by default and does not require any configuration.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="/pages/6vavCr1jEmahMKqKD7RW" %}
[Enabling TLS on MariaDB Server](/docs/server/security/encryption/data-in-transit-encryption/data-in-transit-encryption-enabling-tls-on-mariadb-server.md)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
Step-by-step instructions for manual configuration of SSL in MariaDB via system variables like `ssl_cert`, `ssl_key`, and `ssl_ca` in the configuration file.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="/pages/oiFsYKsSVDHBC8AGXK24" %}
[Replication with Secure Connections](/docs/server/security/encryption/data-in-transit-encryption/replication-with-secure-connections.md)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
A guide to securing replication traffic between primary and replica servers, covering the use of `CHANGE MASTER TO` options (e.g., `MASTER_SSL`) and mutual authentication.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="/pages/vG7ZYCWOMUJzgp64Oru5" %}
[Certificate Creation with OpenSSL](/docs/server/security/encryption/data-in-transit-encryption/certificate-creation-with-openssl.md)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
Complete OpenSSL TLS certificate guide: generate CA key/cert and server key/CSR, sign X509 with `openssl x509 -CA/-CAkey`, and verify certificates.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="/pages/JHzpSKGWu7guU6nmhUaQ" %}
[SSL/TLS System Variables](/docs/server/security/encryption/data-in-transit-encryption/ssltls-system-variables.md)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
Reference list of system variables related to TLS configuration, such as `ssl_cipher`, `ssl_crl`, and `have_ssl`, used to manage and monitor encryption settings.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="/pages/aQqJszERt9QMDz2BaKG5" %}
[Using TLSv1.3](/docs/server/security/encryption/data-in-transit-encryption/using-tlsv13.md)
{% endcontent-ref %}
{% endcolumn %}

{% column %}

{% endcolumn %}
{% endcolumns %}


