Data-in-Transit Encryption


By default, MariaDB SkySQL services feature data-in-transit encryption for client connections:

  • TLS 1.2 and TLS 1.3 are supported. SSL/TLS certificates and encryption settings are not customer-configurable.

  • For information on how to connect with TLS, see "Connect and Query".

  • The "Disable SSL/TLS" option may be appropriate for some customers when also using AWS PrivateLink or GCP VPC Peering. For additional information, see "Disable SSL/TLS".


MariaDB SkySQL services perform server-to-server communication between MariaDB MaxScale, MariaDB Enterprise Server, MariaDB Xpand nodes, and SkySQL infrastructure.

By default, these server-to-server communications are protected with data-in-transit encryption:

  • For SkySQL Services on AWS, see "Encryption in transit" (AWS). SkySQL uses configurations which feature automatic in-transit encryption.

  • For SkySQL Services on GCP, see "Encryption in transit" (GCP). SkySQL uses encryption by default.