Date: Tue, 21 Oct 2008 14:43:36 -0400 From: John Almberg <jalmberg@identry.com> To: Matthew Seaman <m.seaman@infracaninophile.co.uk> Cc: freebsd-questions@freebsd.org Subject: Re: mysql connection through ssl tunnel Message-ID: <51D1673D-4689-4F9A-8217-CFC5C58A1145@identry.com> In-Reply-To: <48FD8876.5090805@infracaninophile.co.uk> References: <8B945891-5F96-4FBF-8175-15F67F03DD92@identry.com> <48D8F881.1010000@unsane.co.uk> <912A74FB-0292-4A53-B480-34FE69D9C465@identry.com> <20081020212103.GA13334@icarus.home.lan> <007ABF71-6D85-4849-A9E7-933D18236EE8@identry.com> <48FD8876.5090805@infracaninophile.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Oct 21, 2008, at 3:44 AM, Matthew Seaman wrote: > John Almberg wrote: > >> I do know that Mysql supports SSL... somehow this got discounted >> early in the discussion, perhaps mistakenly? > > I believe the thinking was that although MySQL claims to support SSL, > it does in fact make a pretty bodge of it, and a more effective > approach is to pipe MySQL traffic through an encrypted tunnel. > > Personally I just use IPSec for this, but people might also like to > consider stunnel (http://www.stunnel.org/) or OpenVPN (http:// > openvpn.net/) Stunnel and OpenVPN are on my list, in case autossh has unexpected problems, but I figured I'd try the simplest approach first. Other than figuring out what holes to poke in the firewalls, autossh was pretty simple to set up. Now I just need to figure out how to start it on reboot, but that is something I've been meaning to learn, anyway, so I don't mind. I appreciate your help. -- John
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?51D1673D-4689-4F9A-8217-CFC5C58A1145>