Description:
Enable SSL connection on MYSQL Servers.
Rationale:
SSL connectivity helps to provide a new layer of security by connecting database server
to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections
between database server and client applications helps protect against "man in the
middle" attacks by encrypting the data stream between the server and application.
Audit:
From Azure Portal
1. Login to Azure Portal using https://portal.azure.com
2. Go to Azure Database for MySQL servers
3. For each database, click on Connection security
4. In SSL settings, ensure Enforce SSL connection is set to ENABLED.
From Azure CLI
Ensure the output of the below command returns ENABLED.
az mysql server show --resource-group <resourceGroupName> --name <serverName> --query sslEnforcement
Remediation:
From Azure Portal
1. Login to Azure Portal using https://portal.azure.com
2. Go to Azure Database for MySQL servers
3. For each database, click on Connection security
4. In SSL settings, click on ENABLED to Enforce SSL connections
From Azure CLI
Use the below command to set MYSQL Databases to Enforce SSL connection.
az mysql server update --resource-group <resourceGroupName> --name <serverName> --ssl-enforcement Enabled
Default Value:
Azure Database for MySQL when provisioned through the Azure portal or CLI will
require SSL connections by default.
References:
1. https://docs.microsoft.com/en-us/azure/mysql/single-server/concepts-sslconnection-security
2. https://docs.microsoft.com/en-us/azure/mysql/single-server/how-to-configure-ssl
3. https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-
data-protection#dp-3-encrypt-sensitive-data-in-transit