# Data-in-Transit Encryption

Data-in-Transit Encryption protects your data as it moves across the network. MariaDB uses the TLS (Transport Layer Security) protocol to encrypt credentials, queries, and result sets between the client and server. Encryption prevents unauthorized eavesdropping on sensitive information and, combined with certificate verification, "man-in-the-middle" attacks.

This guide covers the essentials of securing your network traffic—from configuring SSL certificates and private keys to enforcing secure connections for all users. Secure your communications layer to maintain data integrity and confidentiality in any environment.

{% columns %}
{% column %}
{% content-ref url="data-in-transit-encryption/secure-connections-overview" %}
[secure-connections-overview](https://mariadb.com/docs/server/security/encryption/data-in-transit-encryption/secure-connections-overview)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
Conceptual overview of data-in-transit encryption in MariaDB, discussing supported TLS libraries (OpenSSL, wolfSSL), protocol versions (`tls_version`), and certificate verification.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="data-in-transit-encryption/securing-connections-for-client-and-server" %}
[securing-connections-for-client-and-server](https://mariadb.com/docs/server/security/encryption/data-in-transit-encryption/securing-connections-for-client-and-server)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
Complete MariaDB security guide. Complete resource for user management, access control, SSL/TLS encryption, and audit policies with comprehensive examples.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="data-in-transit-encryption/data-in-transit-encryption-enabling-tls-on-mariadb-server" %}
[data-in-transit-encryption-enabling-tls-on-mariadb-server](https://mariadb.com/docs/server/security/encryption/data-in-transit-encryption/data-in-transit-encryption-enabling-tls-on-mariadb-server)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
Secure, automatic SSL in MariaDB 11.4+, which is enabled by default and does not require any configuration.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="data-in-transit-encryption/data-in-transit-encryption-enabling-tls-on-mariadb-server" %}
[data-in-transit-encryption-enabling-tls-on-mariadb-server](https://mariadb.com/docs/server/security/encryption/data-in-transit-encryption/data-in-transit-encryption-enabling-tls-on-mariadb-server)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
Step-by-step instructions for manual configuration of SSL in MariaDB via system variables like `ssl_cert`, `ssl_key`, and `ssl_ca` in the configuration file.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="data-in-transit-encryption/replication-with-secure-connections" %}
[replication-with-secure-connections](https://mariadb.com/docs/server/security/encryption/data-in-transit-encryption/replication-with-secure-connections)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
A guide to securing replication traffic between primary and replica servers, covering the use of `CHANGE MASTER TO` options (e.g., `MASTER_SSL`) and mutual authentication.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="data-in-transit-encryption/certificate-creation-with-openssl" %}
[certificate-creation-with-openssl](https://mariadb.com/docs/server/security/encryption/data-in-transit-encryption/certificate-creation-with-openssl)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
Complete OpenSSL TLS certificate guide: generate CA key/cert and server key/CSR, sign X509 with `openssl x509 -CA/-CAkey`, and verify certificates.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="data-in-transit-encryption/ssltls-system-variables" %}
[ssltls-system-variables](https://mariadb.com/docs/server/security/encryption/data-in-transit-encryption/ssltls-system-variables)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
Reference list of system variables related to TLS configuration, such as `ssl_cipher`, `ssl_crl`, and `have_ssl`, used to manage and monitor encryption settings.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="data-in-transit-encryption/using-tlsv13" %}
[using-tlsv13](https://mariadb.com/docs/server/security/encryption/data-in-transit-encryption/using-tlsv13)
{% endcontent-ref %}
{% endcolumn %}

{% column %}

{% endcolumn %}
{% endcolumns %}
