[Koha-bugs] [Bug 36026] New: Need TLS MySQL Connection Without Mutual Authentication

bugzilla-daemon at bugs.koha-community.org
Wed Feb 7 21:16:42 CET 2024


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36026

            Bug ID: 36026
           Summary: Need TLS MySQL Connection Without Mutual
                    Authentication
 Change sponsored?: ---
           Product: Koha
           Version: 22.11
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5 - low
         Component: Authentication
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: rschet at sandia.gov
        QA Contact: testopia at bugs.koha-community.org
                CC: dpavlin at rot13.org

We’ve successfully connected our Koha site (version 22.11.12.000) to an Azure
Database for MySQL flexible server without TLS encryption, but we’ve been
unable to connect to the Azure MySQL database with TLS encryption enabled and
required.  The reason for this appears to be that Koha seems to require mutual
TLS, which is not supported by the Azure MySQL database. When connecting to
MySQL on Azure, TLS clients use a public SSL CA certificate to allow for
encrypted communication, and clients are authenticated at the server by
usernames and passwords. But in Koha, the koha-conf.xml configuration file
calls for a CA certificate and also for client certificate and client key for
client authentication with mutual TLS.  This works for a local MySQL database
but not for a remote Azure MySQL database because the Azure MySQL database does
not provide a way to configure the CA certificate, server public key
certificate, and server private key, which must be configured correctly for
mutual TLS to work.

We need a way to connect to a remote MySQL database with TLS through the use of
a CA certificate for encryption and username and password for authentication
and without mutual TLS (that is, without the use of certificates and keys for
authentication).

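The connection mode requested above, as an added Perl example that is not part of the original report and is not Koha's own code: it builds a DBD::mysql DSN that always verifies the server against a CA file and adds a client certificate and key only when both are configured. The hash keys, host name and file paths are hypothetical placeholders; the `mysql_ssl*` attributes are DBD::mysql's.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Build a DBD::mysql DSN for a TLS connection. The server is always checked
# against the CA file; a client certificate and key are added only when both
# are configured (mutual TLS). Hash keys are hypothetical, not koha-conf.xml's.
sub build_dsn {
    my (%cfg) = @_;
    for my $required (qw(database host ca_file)) {
        die "missing '$required'\n"
            unless defined $cfg{$required} && length $cfg{$required};
    }
    my $has_cert = defined $cfg{client_cert} && length $cfg{client_cert};
    my $has_key  = defined $cfg{client_key}  && length $cfg{client_key};
    die "client_cert and client_key must be set together\n"
        if $has_cert xor $has_key;

    my @parts = (
        "database=$cfg{database}",
        "host=$cfg{host}",
        'port=' . ($cfg{port} // 3306),
        'mysql_ssl=1',                       # require TLS
        "mysql_ssl_ca_file=$cfg{ca_file}",   # CA used to validate the server
        'mysql_ssl_verify_server_cert=1',    # ask the driver to verify the server certificate
    );
    push @parts, "mysql_ssl_client_cert=$cfg{client_cert}",
                 "mysql_ssl_client_key=$cfg{client_key}" if $has_cert;
    return 'dbi:mysql:' . join(';', @parts);
}

# Constructed sample settings; host, database name and paths are placeholders.
my %one_way = (database => 'koha_library', host => 'db.example.com',
               ca_file  => '/path/to/ca.pem');
my %mutual  = (%one_way, client_cert => '/path/to/client-cert.pem',
               client_key => '/path/to/client-key.pem');

print "one-way TLS: ", build_dsn(%one_way), "\n";
print "mutual TLS:  ", build_dsn(%mutual), "\n";

# A half-configured client identity is rejected rather than silently ignored.
my $dsn = eval { build_dsn(%one_way, client_cert => '/path/to/client-cert.pem') };
print "rejected:    $@" unless defined $dsn;

# With DBI and DBD::mysql installed, the one-way DSN is used with the usual
# username and password:
#   my $dbh = DBI->connect(build_dsn(%one_way), $user, $pass, { RaiseError => 1 });
```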