> For the complete documentation index, see [llms.txt](https://mariadb.com/docs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://mariadb.com/docs/server/security/encryption/data-in-transit-encryption.md).

# Data-in-Transit Encryption

Protect your data as it moves across the network with Data-in-Transit Encryption. By leveraging the TLS (Transport Layer Security) protocol, MariaDB ensures that credentials, queries, and result sets are encrypted between the client and server. This prevents "man-in-the-middle" attacks and unauthorized eavesdropping on sensitive information.

This guide covers the essentials of securing your network traffic—from configuring SSL certificates and private keys to enforcing secure connections for all users. Secure your communications layer to maintain data integrity and confidentiality in any environment.

{% columns %}
{% column %}
{% content-ref url="/pages/CdGzeEaebRkcJA773yew" %}
[Secure Connections Overview](/docs/server/security/encryption/data-in-transit-encryption/secure-connections-overview.md)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
Conceptual overview of data-in-transit encryption in MariaDB, discussing supported TLS libraries (OpenSSL, wolfSSL), protocol versions (`tls_version`), and certificate verification.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="/pages/11QwGDapCrLHfmYSiTAu" %}
[Securing Connections for Client and Server](/docs/server/security/encryption/data-in-transit-encryption/securing-connections-for-client-and-server.md)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
Complete MariaDB security guide. Complete resource for user management, access control, SSL/TLS encryption, and audit policies with comprehensive examples.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="/pages/6vavCr1jEmahMKqKD7RW" %}
[Enabling TLS on MariaDB Server](/docs/server/security/encryption/data-in-transit-encryption/data-in-transit-encryption-enabling-tls-on-mariadb-server.md)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
Secure, automatic SSL in MariaDB 11.4+ which is enabled by default and does not require any configuration
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="/pages/6vavCr1jEmahMKqKD7RW" %}
[Enabling TLS on MariaDB Server](/docs/server/security/encryption/data-in-transit-encryption/data-in-transit-encryption-enabling-tls-on-mariadb-server.md)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
Step-by-step instructions for manual configuration of SSL in MariaDB via system variables like `ssl_cert`, `ssl_key`, and `ssl_ca` in the configuration file.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="/pages/oiFsYKsSVDHBC8AGXK24" %}
[Replication with Secure Connections](/docs/server/security/encryption/data-in-transit-encryption/replication-with-secure-connections.md)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
A guide to securing replication traffic between primary and replica servers, covering the use of `CHANGE MASTER TO` options (e.g., `MASTER_SSL`) and mutual authentication.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="/pages/vG7ZYCWOMUJzgp64Oru5" %}
[Certificate Creation with OpenSSL](/docs/server/security/encryption/data-in-transit-encryption/certificate-creation-with-openssl.md)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
Complete OpenSSL TLS certificate guide: generate CA key/cert and server key/CSR, sign X509 with openssl x509 -CA/-CAkey, and verify certificates.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="/pages/JHzpSKGWu7guU6nmhUaQ" %}
[SSL/TLS System Variables](/docs/server/security/encryption/data-in-transit-encryption/ssltls-system-variables.md)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
Reference list of system variables related to TLS configuration, such as `ssl_cipher`, `ssl_crl`, and `have_ssl`, used to manage and monitor encryption settings.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="/pages/aQqJszERt9QMDz2BaKG5" %}
[Using TLSv1.3](/docs/server/security/encryption/data-in-transit-encryption/using-tlsv13.md)
{% endcontent-ref %}
{% endcolumn %}

{% column %}

{% endcolumn %}
{% endcolumns %}
