[Koha-bugs] [Bug 36026] New: Need TLS MySQL Connection Without Mutual Authentication
bugzilla-daemon at bugs.koha-community.org
Wed Feb 7 21:16:42 CET 2024
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36026
Bug ID: 36026
Summary: Need TLS MySQL Connection Without Mutual Authentication
Change sponsored?: ---
Product: Koha
Version: 22.11
Hardware: All
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: Authentication
Assignee: koha-bugs at lists.koha-community.org
Reporter: rschet at sandia.gov
QA Contact: testopia at bugs.koha-community.org
CC: dpavlin at rot13.org
We’ve successfully connected our Koha site (version 22.11.12.000) to an Azure
Database for MySQL flexible server without TLS encryption, but we’ve been
unable to connect to the Azure MySQL database with TLS encryption enabled and
required. The reason for this appears to be that Koha seems to require mutual
TLS, which is not supported by the Azure MySQL database. When connecting to
MySQL on Azure, TLS clients use a public SSL CA certificate to allow for
encrypted communication, and clients are authenticated at the server by
usernames and passwords. But in Koha, the koha-conf.xml configuration file
calls for a CA certificate and also for client certificate and client key for
client authentication with mutual TLS. This works for a local MySQL database
but not for a remote Azure MySQL database because the Azure MySQL database does
not provide a way to configure the CA certificate, server public key
certificate, and server private key, which must be configured correctly for
mutual TLS to work.
We need a way to connect to a remote MySQL database with TLS through the use of
a CA certificate for encryption and username and password for authentication
and without mutual TLS (that is, without the use of certificates and keys for
authentication).
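The distinction the report draws, shown as an added example that is not Koha's code and not part of the original report: a Perl sketch that builds a DBD::mysql DSN which always verifies the server against a CA file and adds a client certificate and key only when both are configured. The function name `build_mysql_tls_dsn`, the hash keys, the host name and the file paths are assumptions made for illustration; the `mysql_ssl*` options are DBD::mysql connection attributes.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not from Koha). $cfg keys are names assumed for this sketch.
sub build_mysql_tls_dsn {
    my ($cfg) = @_;
    my $dsn = sprintf 'dbi:mysql:database=%s;host=%s;port=%d',
        $cfg->{database}, $cfg->{hostname}, $cfg->{port} // 3306;

    # Server authentication: TLS is mandatory and the server certificate
    # must chain to the configured CA. Without a CA file we refuse to build
    # a DSN rather than fall back to unverified encryption.
    die "TLS requested but no CA file configured\n"
        unless length($cfg->{ca} // '');
    $dsn .= ";mysql_ssl=1;mysql_ssl_ca_file=$cfg->{ca}"
          . ";mysql_ssl_verify_server_cert=1";

    # Client authentication by certificate (mutual TLS) is optional.
    # A certificate without its key, or the reverse, is a configuration error.
    my $has_cert = length($cfg->{cert} // '') ? 1 : 0;
    my $has_key  = length($cfg->{key}  // '') ? 1 : 0;
    die "client cert and key must be configured together\n"
        if $has_cert != $has_key;
    $dsn .= ";mysql_ssl_client_cert=$cfg->{cert}"
          . ";mysql_ssl_client_key=$cfg->{key}" if $has_cert;

    return $dsn;
}

# Constructed sample configurations (host and paths are placeholders).
my %one_way = (
    hostname => 'db.example.invalid',
    port     => 3306,
    database => 'koha_library',
    ca       => '/etc/koha/ssl/mysql-ca.pem',
);
my %mutual = (
    %one_way,
    cert => '/etc/koha/ssl/client-cert.pem',
    key  => '/etc/koha/ssl/client-key.pem',
);

# One-way TLS: the user name and password passed to DBI->connect
# authenticate the client; no client certificate is sent.
print build_mysql_tls_dsn(\%one_way), "\n";
# Mutual TLS: the same DSN plus the client certificate and key.
print build_mysql_tls_dsn(\%mutual), "\n";
```

With DBI and DBD::mysql installed, either DSN would be passed to `DBI->connect` together with the database user name and password.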