wsrep_ssl_mode
This page is part of MariaDB's Documentation.
The parent of this page is: System Variables for MariaDB Enterprise Server
Topics on this page:
Overview
In 11.4 ES, 10.6 ES:
Select which SSL implementation is used for wsrep provider communications: PROVIDER - wsrep provider internal SSL implementation; SERVER - use server side SSL implementation; SERVER_
X509 - as SERVER and require valid X509 certificate. In 10.6 CS, 10.5 ES, 10.5 CS, 10.4 ES, 10.4 CS, 10.3 ES, 10.3 CS, 10.2 ES, 10.2 CS:
Not present
See also: System Variables for MariaDB Enterprise Server 11.4, in 10.6 ES, in 10.5 ES, in 10.4 ES, in 10.3 ES, in 10.2 ES, in 10.6 CS, in 10.5 CS, in 10.4 CS, in 10.3 CS, and in 10.2 CS
USAGE
The wsrep_ssl_mode
system variable is used to configure the WSREP TLS Mode used by MariaDB Enterprise Cluster, powered by Galera.
When set to SERVER
or SERVER_X509
, MariaDB Enterprise Cluster uses the TLS configuration for MariaDB Enterprise Server:
[mariadb]
...
wsrep_ssl_mode = SERVER_X509
ssl_ca = /certs/ca-cert.pem
ssl_cert = /certs/server-cert.pem
ssl_key = /certs/server-key.pem
When set to PROVIDER
, MariaDB Enterprise Cluster obtains its TLS configuration from the wsrep_
[mariadb]
...
wsrep_ssl_mode = PROVIDER
wsrep_provider_options = "socket.ssl=true;socket.ssl_cert=/certs/server-cert.pem;socket.ssl_ca=/certs/ca-cert.pem;socket.ssl_key=/certs/server-key.pem"
DETAILS
The wsrep_ssl_mode
system variable configures the WSREP TLS Mode. The following WSREP TLS Modes are supported:
WSREP TLS Mode | Values | Description |
---|---|---|
Provider |
|
|
Server |
|
|
Server X509 |
|
|
When the wsrep_ssl_mode
system variable is set to PROVIDER
, each node obtains its TLS configuration from the wsrep_
WSREP Provider Option | Description |
---|---|
Set this option to | |
Set this option to the path of the CA chain file. | |
Set this option to the path of the node's X509 certificate file. | |
Set this option to the path of the node's private key file. |
When the wsrep_ssl_mode
system variable is set to SERVER
or SERVER_X509
, each node obtains its TLS configuration from the node's MariaDB Enterprise Server configuration. The following system variables are used:
System Variable | Description |
---|---|
Set this system variables to the path of the CA chain file. | |
Optionally set this system variables to the path of the CA chain directory. The directory must have been processed by | |
Set this system variable to the path of the node's X509 certificate file. | |
Set this system variable to the path of the node's private key file. |
PARAMETERS
Command-line | --wsrep_ssl_mode={PROVIDER| |
Configuration file | Supported |
Dynamic | No |
Scope | Global |
Data Type | ENUM (PROVIDER, SERVER, SERVER_X509) |
Product Default Value | SERVER |
CHANGE HISTORY
Release Series | History |
---|---|
11.4 Enterprise |
|
10.6 Enterprise |
|
10.6 Community |
|
10.5 Enterprise |
|
10.5 Community |
|
10.4 Enterprise |
|
10.4 Community |
|
10.3 Enterprise |
|
10.3 Community |
|
10.2 Enterprise |
|
10.2 Community |
|