Data-in-Transit Encryption
This page is part of MariaDB's Documentation.
The parent of this page is: Security
Topics on this page:
Overview
MariaDB SkySQL features data-in-transit encryption by default.
Client-to-Server
By default, MariaDB SkySQL services feature data-in-transit encryption for client connections:
TLS 1.2 and TLS 1.3 are supported. SSL/TLS certificates and encryption settings are not customer-configurable.
For information on how to connect with TLS, see "Connect and Query".
The "Disable SSL/TLS" option may be appropriate for some customers when also using AWS PrivateLink or GCP VPC Peering. For additional information, see "Disable SSL/TLS".
Server-to-Server
MariaDB SkySQL services perform server-to-server communication between MariaDB MaxScale, MariaDB Enterprise Server, MariaDB Xpand nodes, and SkySQL infrastructure.
By default, these server-to-server communications are protected with data-in-transit encryption:
For SkySQL Services on AWS, see "Encryption in transit" (AWS). SkySQL uses configurations which feature automatic in-transit encryption.
For SkySQL Services on GCP, see "Encryption in transit" (GCP). SkySQL uses encryption by default.