wsrep_ssl_mode
This page is part of MariaDB's SkySQL Documentation.
The parent of this page is: System Variables for MariaDB Enterprise Server
Topics on this page:
Overview
- In 10.6 ES:
Select which SSL implementation is used for wsrep provider communications: PROVIDER - wsrep provider internal SSL implementation; SERVER - use server side SSL implementation; SERVER_X509 - as SERVER and require valid X509 certificate.
- In 10.5 ES, 10.4 ES:
Not present
See also: System Variables for MariaDB Enterprise Server 10.6, in 10.5 ES, and in 10.4 ES
USAGE
The wsrep_ssl_mode
system variable is used to configure the WSREP TLS Mode used by MariaDB Enterprise Cluster, powered by Galera.
When set to SERVER
or SERVER_X509
, MariaDB Enterprise Cluster uses the TLS configuration for MariaDB Enterprise Server:
[mariadb]
...
wsrep_ssl_mode = SERVER_X509
ssl_ca = /certs/ca-cert.pem
ssl_cert = /certs/server-cert.pem
ssl_key = /certs/server-key.pem
When set to PROVIDER
, MariaDB Enterprise Cluster obtains its TLS configuration from the wsrep_provider_options system variable:
[mariadb]
...
wsrep_ssl_mode = PROVIDER
wsrep_provider_options = "socket.ssl=true;socket.ssl_cert=/certs/server-cert.pem;socket.ssl_ca=/certs/ca-cert.pem;socket.ssl_key=/certs/server-key.pem"
DETAILS
The wsrep_ssl_mode
system variable configures the WSREP TLS Mode. The following WSREP TLS Modes are supported:
WSREP TLS Mode | Values | Description |
---|---|---|
Provider |
|
|
Server |
|
|
Server X509 |
|
|
When the wsrep_ssl_mode
system variable is set to PROVIDER
, each node obtains its TLS configuration from the wsrep_provider_options system variable. The following options are used:
WSREP Provider Option | Description |
---|---|
Set this option to | |
Set this option to the path of the CA chain file. | |
Set this option to the path of the node's X509 certificate file. | |
Set this option to the path of the node's private key file. |
When the wsrep_ssl_mode
system variable is set to SERVER
or SERVER_X509
, each node obtains its TLS configuration from the node's MariaDB Enterprise Server configuration. The following system variables are used:
System Variable | Description |
---|---|
Set this system variables to the path of the CA chain file. | |
Optionally set this system variables to the path of the CA chain directory. The directory must have been processed by | |
Set this system variable to the path of the node's X509 certificate file. | |
Set this system variable to the path of the node's private key file. |
PARAMETERS
Dynamic | No |
Scope | Global |
Data Type | ENUM (PROVIDER, SERVER, SERVER_X509) |
Default Value | SERVER |
SKYSQL
Cloud | SkySQL Topology | ES Ver | Default |
---|---|---|---|
AWS | Multi-Node Analytics | 10.5 | Not present |
Single Node Analytics | 10.5 | Not present | |
Distributed Transactions | 10.5 | Not present | |
10.6 | Not present | ||
Replicated Transactions | 10.4 | Not present | |
10.5 | Not present | ||
10.6 | SERVER | ||
Single Node Transactions | 10.4 | Not present | |
10.5 | Not present | ||
10.6 | SERVER | ||
GCP | Multi-Node Analytics | 10.5 | Not present |
Single Node Analytics | 10.5 | Not present | |
Distributed Transactions | 10.5 | Not present | |
10.6 | Not present | ||
Replicated Transactions | 10.4 | Not present | |
10.5 | Not present | ||
10.6 | SERVER | ||
Single Node Transactions | 10.4 | Not present | |
10.5 | Not present | ||
10.6 | SERVER |
CHANGE HISTORY
Release Series | History |
---|---|
10.6 Enterprise |
|
10.5 Enterprise |
|
10.4 Enterprise |
|
EXTERNAL REFERENCES
This page shows information specific to MariaDB SkySQL. Information for non-SkySQL use can be found on the wsrep_ssl_mode page in the MariaDB Enterprise Documentation.