SSL/TLS Status Variables

You are viewing an old version of this article. View the current version here.

The status variables listed on this page relate to encrypting data during transfer with the Transport Layer Security (TLS) protocol. Often, the term Secure Socket Layer (SSL) is used interchangeably with TLS, although strictly speaking, the SSL protocol is a predecessor to TLS and is no longer considered secure.

For compatibility reasons, the TLS status variables in MariaDB still use the Ssl_ prefix, but MariaDB only supports its more secure successors. For more information on SSL/TLS in MariaDB, see Secure Connections Overview.

Variables

`Ssl_accept_renegotiates`

Description: Number of negotiations needed to establish the TLS connection. The global value can be flushed by FLUSH STATUS.
Scope: Global
Data Type: numeric

`Ssl_accepts`

Description: Number of accepted TLS handshakes. The global value can be flushed by FLUSH STATUS.
Scope: Global
Data Type: numeric

`Ssl_callback_cache_hits`

Description: Number of sessions retrieved from the session cache. The global value can be flushed by FLUSH STATUS.
Scope: Global
Data Type: numeric

`Ssl_cipher`

Description: The TLS cipher currently in use.
Scope: Global, Session
Data Type: string

`Ssl_cipher_list`

Description: List of the available TLS ciphers.
Scope: Global, Session
Data Type: string

`Ssl_client_connects`

Description: Number of TLS handshakes started in client mode. The global value can be flushed by FLUSH STATUS.
Scope: Global
Data Type: numeric

`Ssl_connect_renegotiates`

Description: Number of negotiations needed to establish the connection to a TLS-enabled master. The global value can be flushed by FLUSH STATUS.
Scope: Global
Data Type: numeric

`Ssl_ctx_verify_depth`

Description: Number of tested TLS certificates in the chain. The global value can be flushed by FLUSH STATUS.
Scope: Global
Data Type: numeric

`Ssl_ctx_verify_mode`

Description: Mode used for TLS context verification.The global value can be flushed by FLUSH STATUS.
Scope: Global
Data Type: numeric

`Ssl_default_timeout`

Description: Default timeout for TLS, in seconds.
Scope: Global, Session
Data Type: numeric

`Ssl_finished_accepts`

Description: Number of successful TLS sessions in server mode. The global value can be flushed by FLUSH STATUS.
Scope: Global
Data Type: numeric

`Ssl_finished_connects`

Description: Number of successful TLS sessions in client mode. The global value can be flushed by FLUSH STATUS.
Scope: Global
Data Type: numeric

`Ssl_server_not_after`

Description: Last valid date for the TLS certificate.
Scope: Global, Session
Data Type: numeric
Introduced: MariaDB 10.0

`Ssl_server_not_before`

Description: First valid date for the TLS certificate.
Scope: Global, Session
Data Type: numeric
Introduced: MariaDB 10.0

`Ssl_session_cache_hits`

Description: Number of TLS sessions found in the session cache. The global value can be flushed by FLUSH STATUS.
Scope: Global
Data Type: numeric

`Ssl_session_cache_misses`

Description: Number of TLS sessions not found in the session cache. The global value can be flushed by FLUSH STATUS.
Scope: Global
Data Type: numeric

`Ssl_session_cache_mode`

Description: Mode used for TLS caching by the server.
Scope: Global
Data Type: string

`Ssl_session_cache_overflows`

Description: Number of sessions removed from the session cache because it was full. The global value can be flushed by FLUSH STATUS.
Scope: Global
Data Type: numeric

`Ssl_session_cache_size`

Description: Size of the session cache. The global value can be flushed by FLUSH STATUS.
Scope: Global
Data Type: numeric

`Ssl_session_cache_timeouts`

Description: Number of sessions which have timed out. The global value can be flushed by FLUSH STATUS.
Scope: Global
Data Type: numeric

`Ssl_sessions_reused`

Description: Number of sessions reused. The global value can be flushed by FLUSH STATUS.
Scope: Global, Session
Data Type: numeric

`Ssl_used_session_cache_entries`

Description: Current number of sessions in the session cache. The global value can be flushed by FLUSH STATUS.
Scope: Global
Data Type: numeric

`Ssl_verify_depth`

Description: TLS verification depth.
Scope: Global, Session
Data Type: numeric

`Ssl_verify_mode`

Description: TLS verification mode.

Value	Description
SSL_VERIFY_NONE 0x00	No SSL certificate verification is performed.
SSL_VERIFY_PEER 0x01	Request a client certificate and verify it against the CA certificate on the server side. If no client certificate is presented, the session may connect. If an invalid client certificate is presented, the connection is rejected.
SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02	Verify the client certificate. Fail the connection if no client certificate is provided.
SSL_VERIFY_CA 0x03	Verify the client certificate; the client also verifies the server certificate against the CA.
SSL_VERIFY_CLIENT_ONCE 0x04	Verify the client certificate during the initial handshake, but not in subsequent renegotiations.
SSL_VERIFY_VERIFY_IDENTITY 0x05	Verify the client certificate against the CA. The client also verifies the server certificate against the CA, both requiring that the host name or IP address in the certificates match the actual host name or IP address of the presenter.

Scope: Global, Session
Data Type: numeric

`Ssl_version`

Description: TLS version in use.
Scope: Global, Session
Data Type: string

Comments

Comments loading...

Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.