https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36026 Bug ID: 36026 Summary: Need TLS MySQL Connection Without Mutual Authentication Change sponsored?: --- Product: Koha Version: 22.11 Hardware: All OS: Linux Status: NEW Severity: enhancement Priority: P5 - low Component: Authentication Assignee: koha-bugs@lists.koha-community.org Reporter: rschet@sandia.gov QA Contact: testopia@bugs.koha-community.org CC: dpavlin@rot13.org We’ve successfully connected our Koha site (version 22.11.12.000) to an Azure Database for MySQL flexible server without TLS encryption, but we’ve been unable to connect to the Azure MySQL database with TLS encryption enabled and required. The reason for this appears to be that Koha seems to require mutual TLS, which is not supported by the Azure MySQL database. When connecting to MySQL on Azure, TLS clients use a public SSL CA certificate to allow for encrypted communication, and clients are authenticated at the server by usernames and passwords. But in Koha, the koha-conf.xml configuration file calls for a CA certificate and also for client certificate and client key for client authentication with mutual TLS. This works for a local MySQL database but not for a remote Azure MySQL database because the Azure MySQL database does not provide a way to configure the CA certificate, server public key certificate, and server private key, which must be configured correctly for mutual TLS to work. We need a way to connect to a remote MySQL database with TLS through the use of a CA certificate for encryption and username and password for authentication and without mutual TLS (that is, without the use of certificates and keys for authentication). -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.