[wp-trac] [WordPress Trac] #28625: Enhancement: Add constants to support SSL connections for mysqli

WordPress Trac noreply at wordpress.org
Tue Feb 2 18:53:13 UTC 2021


#28625: Enhancement: Add constants to support SSL connections for mysqli
----------------------------------------+-----------------------------
 Reporter:  hypertextranch              |       Owner:  (none)
     Type:  enhancement                 |      Status:  assigned
 Priority:  normal                      |   Milestone:  Future Release
Component:  Database                    |     Version:  4.0
 Severity:  normal                      |  Resolution:
 Keywords:  has-patch needs-unit-tests  |     Focuses:  privacy
----------------------------------------+-----------------------------

Comment (by hypertextranch):

 Replying to [comment:21 pbiron]:
 > Note, I discovered over the weekend that, in at least some cases, WP 5.6
 is capable of opening a secure connection to MySQL without any mods (or
 need for something like the Secure DB Connection plugin).
 >
 > Don't know whether that is a result of changes in core/MySQL/PHP since
 this ticket was opened (until a few days ago I didn't know that encrypted
 connections to MySQL were possible :-)
 >
 > I've tested in the following 2 environments, and all I had to do was add
 >
 > `define( 'MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL )`
 >
 > to `wp-config.php` to get an encrypted connection.

 I believe it depends on your server setup: if the system MySQL client was
 installed with trusted root certs and your database is using a key/cert
 that's signed by a root cert that you trust on the client, then just adding
 the `MYSQLI_CLIENT_SSL` flag is enough. On modern systems with more root
 CAs preinstalled and use of cloud-based database services that configure
 and install keys signed by common root CAs, the need to explicitly set
 custom keys/certs/CAs becomes less needed.

 This issue / patch was made for a time when things like
 https://letsencrypt.org didn't exist and spinning up a database didn't
 always come with a cert and might mean needing to generate random self-
 signed stuff.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/28625#comment:22>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
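
A way to confirm which of the two cases in the comment above applies to a given server, as an added example that is not part of the original message or of WordPress core: the script connects with `MYSQLI_CLIENT_SSL`, optionally names a CA file for a privately signed server certificate, and reads the session's `Ssl_cipher` to see whether the connection really is encrypted. The function name `check_db_tls` and the `DB_*` environment variable names are assumptions made for this script.

```php
<?php
// Added example, not WordPress core code. The DB_* environment variable
// names and the function name are assumptions made for this script.
mysqli_report( MYSQLI_REPORT_OFF ); // return false on failure instead of throwing

function check_db_tls( string $host, int $port, string $user, string $pass, ?string $ca_file ): array {
	$dbh = mysqli_init();
	if ( null !== $ca_file ) {
		// Server cert signed by a private or self-signed CA: name the CA file explicitly.
		mysqli_ssl_set( $dbh, null, null, $ca_file, null, null );
	}
	// MYSQLI_CLIENT_SSL is the flag the quoted wp-config.php line sets.
	if ( ! @mysqli_real_connect( $dbh, $host, $user, $pass, null, $port, null, MYSQLI_CLIENT_SSL ) ) {
		return array( 'connected' => false, 'error' => mysqli_connect_error() );
	}
	// The server reports the negotiated cipher and protocol for this session.
	$status = array();
	$res    = mysqli_query( $dbh, "SHOW SESSION STATUS WHERE Variable_name IN ('Ssl_cipher', 'Ssl_version')" );
	while ( $res && ( $row = mysqli_fetch_assoc( $res ) ) ) {
		$status[ $row['Variable_name'] ] = $row['Value'];
	}
	mysqli_close( $dbh );
	$cipher = $status['Ssl_cipher'] ?? '';
	return array(
		'connected' => true,
		'encrypted' => '' !== $cipher, // an empty Ssl_cipher means a plaintext session
		'cipher'    => $cipher,
		'protocol'  => $status['Ssl_version'] ?? '',
	);
}

$result = check_db_tls(
	(string) getenv( 'DB_HOST' ),
	(int) ( getenv( 'DB_PORT' ) ?: 3306 ),
	(string) getenv( 'DB_USER' ),
	(string) getenv( 'DB_PASSWORD' ),
	getenv( 'DB_CA_FILE' ) ?: null // leave unset to rely on the client's default trust
);
echo json_encode( $result, JSON_PRETTY_PRINT ), PHP_EOL;
// Non-zero exit lets a deployment check fail when the session is not encrypted.
exit( ( $result['connected'] && $result['encrypted'] ) ? 0 : 1 );
```

Run it from the web host's CLI with the same credentials WordPress uses; a failed connection without `DB_CA_FILE` that succeeds with it points to the privately signed certificate case the comment describes.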

