Mysql data not seen in packetbeats

Thanks for the information. I see that the mysql version has it specified that it uses TLS. Looks like the latest versions of Mysql are having TLS enabled by default unlike the older versions. Do you know if it is possible to disable the TLS encryption on mysql 5.7.13?

mysql> SHOW VARIABLES LIKE "%version%";
| Variable_name | Value |
| innodb_version | 5.7.13 |
| protocol_version | 10 |
| slave_type_conversions | |
| tls_version | TLSv1,TLSv1.1 |
| version | 5.7.13 |
| version_comment | MySQL Community Server (GPL) |
| version_compile_machine | x86_64 |
| version_compile_os | Linux |
8 rows in set (0.22 sec)

see mysql cli options docs. While server provides TLS support, the client has to choose whether to use encryption (which is the case by default).

Also check require_secure_transport system variable.

Seems like TLS can not be disabled on server side, but client side only.

Hi Steffens,

I see that the variable require_secure_transport is set to OFF by default.

[root@ip-10-39-196-70 conf]# mysql -u pd_integration -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 9201
Server version: 5.7.13 MySQL Community Server (GPL)

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show variables like '%secure%';
| Variable_name | Value |
| require_secure_transport | OFF |
| secure_auth | ON |
| secure_file_priv | /var/lib/mysql-files/ |
3 rows in set (0.01 sec)


Unfortunately I haven't found an option in mysql server to disable SSL support. I only found this bug report.

So, it's up to the client to disable tls. For example use --skip-ssl when running CLI mysql client like:

$ mysql --skip-ssl --protocol=TCP  -u pd_integration -p

Starting mysql client like this, you should be able to monitor commands with packetbeat or tcpdump. E.g. try SELECT 1;.

If and how you can disable SSL depends on clients/libs in use.

This topic was automatically closed after 21 days. New replies are no longer allowed.