Uploaded image for project: 'Debezium'
  1. Debezium
  2. DBZ-6340

Use (and add support for) prefer as the default SSL mode on the Postgres and MySQL connectors

    XMLWordPrintable

Details

    Description

      Which use case/requirement will be addressed by the proposed feature?

      Configuration item database.sslmode on the Postgres and MySQL connectors has a default value of disable. It would be good for the connection to the Postgres/MySQL instance to be secure by default (or at least attempt to be encrypted).

      Implementation idea

      Postgres

      The supported values for database.sslmode are disable, requireverify-ca and verify-full. In In addition to those values, the Postgres JDBC [driver|https://jdbc.postgresql.org/documentation/publicapi/org/postgresql/jdbc/SslMode.html] supports 2 more values:

      • allow: try to connect to Postgres without encryption and, failing that, try encrypted 
      • prefer: try to connect to Postgres with encryption and, failing that, try unencrypted

      Let's add support for both of those modes and then make the prefer value the default mode.  

      MySQL

      The support values for database.sslmode are disabled, preferred, required, verify_ca and verify_identify. The default is disabled. Let's make preferred the default mode.

      Attachments

        Issue Links

          relates to

          Task - Represents a small unit of work that is not end-user facing. DBZ-6466 Document database.sslmode for MySQL

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Enhancement - An enhancement to or refactoring of existing functionality that is not configurable by an end user (typically a change made by an internal team that affects users) DBZ-6397 Replace db specific database.ssl_mode config options with a semantic config option 'use.secure.connections'

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Open
          links to

          Web Link RHEA-2023:120698 Red Hat build of Debezium 2.3.4 release

          Activity

            People

              Unassigned Unassigned
              dreft.laurent@gmail.com Frederic Laurent (Inactive)
              Frederic Laurent (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: