📋

Description

This error occurs when a MySQL client attempts to establish an unencrypted connection to a server that has the `require_secure_transport` system variable enabled. MySQL is configured to only accept connections secured by SSL/TLS, and it rejects any attempt to connect using plain TCP/IP.

💬

Error Message

Connections using insecure transport are prohibited while --require_secure_transport=ON.

🔍

Known Causes

3 known causes

⚠️

Client Not Using SSL/TLS

The client application is attempting to connect to MySQL without specifying SSL/TLS encryption parameters in its connection string or configuration.

⚠️

Server Requires Secure Transport

The MySQL server instance is explicitly configured with `require_secure_transport=ON`, mandating encrypted connections for all incoming clients.

⚠️

Incorrect Client SSL Configuration

Even if SSL is intended, the client's SSL/TLS configuration (e.g., missing certificates, incorrect cipher suites, or invalid paths) might be misconfigured.

🛠️

Solutions

3 solutions available

1. Enable SSL/TLS for Client Connections advanced

Configure your MySQL server to use SSL/TLS and update client connection strings to utilize it.

1

Generate or obtain SSL certificates and private keys for your MySQL server. This typically involves creating a Certificate Authority (CA) certificate, a server certificate, and a server private key.

openssl req -newkey rsa:2048 -days 365 -nodes -keyout server-key.pem -out server-cert.pem
openssl x509 -in server-cert.pem -outform pem -out server-cert.pem

2

Configure your MySQL server's `my.cnf` or `my.ini` file to enable SSL. Ensure the paths to your generated certificate files are correct.

[mysqld]
ssl_ca = /path/to/ca.pem
ssl_cert = /path/to/server-cert.pem
ssl_key = /path/to/server-key.pem

3

Restart the MySQL server for the SSL configuration to take effect.

sudo systemctl restart mysql

4

Update your client applications or connection strings to explicitly request an SSL connection. The exact method depends on your client library or tool.

Example for Python (mysql.connector):
import mysql.connector

cnx = mysql.connector.connect(
    user='your_user',
    password='your_password',
    host='your_host',
    database='your_database',
    ssl_ca='/path/to/ca.pem',
    ssl_verify_cert=True
)

5

Alternatively, for MySQL command-line clients, you can use the `--ssl-ca` option.

mysql -u your_user -p --ssl-ca=/path/to/ca.pem your_database

2. Temporarily Disable Require Secure Transport easy

For immediate troubleshooting or in development environments, you can temporarily disable the `require_secure_transport` setting.

1

Connect to your MySQL server as a user with sufficient privileges (e.g., `root`).

mysql -u root -p

2

Execute the following SQL command to set the global variable to `OFF`.

SET GLOBAL require_secure_transport = OFF;

3

Verify the change by querying the global variable.

SHOW GLOBAL VARIABLES LIKE 'require_secure_transport';

4

Note: This change is temporary and will revert to its default value upon server restart. For a permanent change, you must modify the MySQL configuration file.

text

3. Modify MySQL Configuration File for Permanent Change medium

Permanently disable `require_secure_transport` by editing the MySQL configuration file.

1

Locate your MySQL configuration file. This is typically named `my.cnf` (on Linux/macOS) or `my.ini` (on Windows) and is often found in `/etc/mysql/`, `/etc/`, or within the MySQL installation directory.

text

2

Open the configuration file using a text editor with administrative privileges.

sudo nano /etc/mysql/my.cnf

3

Find the `[mysqld]` section and either comment out or remove the line `require_secure_transport = ON`.

[mysqld]
# require_secure_transport = ON

4

Save the changes to the configuration file.

text

5

Restart the MySQL server for the changes to take effect.

sudo systemctl restart mysql

🔗

Related Errors

5 related errors

MySQL Error 3159: Insecure Connection Prohibited