Ensure 'have_ssl' Is Set to 'YES'

Description

All network traffic must use SSL/TLS when traveling over untrusted networks.

Rationale

The SSL/TLS-protected MySQL protocol helps to prevent eavesdropping and man-in-the-middle attacks.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                      With Value
secureclouddb/provider   aws
secureclouddb/service    rds
secureclouddb/engine     mysql

Default Rule

const { checkServerSetting } = module

/**
 * @param {Object} databaseSettings - database settings object
 * @returns {{success: boolean}} success is true if the SSL/TLS-protected MySQL protocol is enabled
 */
function validate(databaseSettings) {
    const settingName = "have_ssl"
    const expectedValue = "yes"
    const success = checkServerSetting(databaseSettings, settingName, expectedValue)
    return {
        success,
    }
}

// invoke
validate(databaseSettings);
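
As an added example (not the product's own code), the function below evaluates have_ssl from rows shaped like the output of SHOW GLOBAL VARIABLES and separates YES from DISABLED, NO and a missing variable, so a failing check says why it failed. The name evaluateHaveSsl, the row shape and the sample rows are assumptions made for illustration.

```javascript
// Added example: hypothetical stand-alone evaluator, not the rule engine's helper.
// Assumed input: rows shaped like SHOW GLOBAL VARIABLES output,
// i.e. objects with Variable_name and Value properties.
function evaluateHaveSsl(rows) {
    // Build a lookup keyed by lower-cased variable name so that
    // "HAVE_SSL" and "have_ssl" are treated the same.
    const vars = new Map()
    for (const row of rows) {
        vars.set(String(row.Variable_name).toLowerCase(), String(row.Value).trim())
    }
    if (!vars.has("have_ssl")) {
        return { success: false, reason: "have_ssl not reported by server" }
    }
    // Compare case-insensitively: the server reports "YES", the rule text uses "yes".
    const value = vars.get("have_ssl").toUpperCase()
    switch (value) {
        case "YES":
            return { success: true, reason: "server supports SSL/TLS connections" }
        case "DISABLED":
            // Built with SSL support but started without the encryption options.
            return { success: false, reason: "SSL/TLS support present but not enabled" }
        case "NO":
            return { success: false, reason: "server has no SSL/TLS support" }
        default:
            return { success: false, reason: `unexpected have_ssl value: ${value}` }
    }
}

// Constructed sample rows (not taken from a real server).
const sampleEnabled = [
    { Variable_name: "have_openssl", Value: "YES" },
    { Variable_name: "have_ssl", Value: "YES" },
]
const sampleDisabled = [{ Variable_name: "HAVE_SSL", Value: "disabled" }]
const sampleMissing = [{ Variable_name: "version", Value: "0.0.0-sample" }]

for (const [label, rows] of [
    ["enabled", sampleEnabled],
    ["disabled", sampleDisabled],
    ["missing", sampleMissing],
]) {
    const result = evaluateHaveSsl(rows)
    console.log(`${label}: success=${result.success} (${result.reason})`)
}
```

A passing result only shows that the server can accept SSL/TLS connections; it does not show that every client connection uses them.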