Description:

Enable SSL connection on MYSQL Servers.


Rationale:

SSL connectivity helps to provide a new layer of security by connecting database server

to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections

between database server and client applications helps protect against "man in the

middle" attacks by encrypting the data stream between the server and application.


Audit:

From Azure Portal

1. Login to Azure Portal using https://portal.azure.com

2. Go to Azure Database for MySQL servers

3. For each database, click on Connection security

4. In SSL settings, ensure Enforce SSL connection is set to ENABLED.


From Azure CLI

Ensure the output of the below command returns ENABLED.

az mysql server show --resource-group <resourceGroupName> --name

<serverName> --query sslEnforcement

Remediation:

From Azure Portal

1. Login to Azure Portal using https://portal.azure.com

2. Go to Azure Database for MySQL servers

3. For each database, click on Connection security

4. In SSL settings, click on ENABLED to Enforce SSL connections


From Azure CLI

Use the below command to set MYSQL Databases to Enforce SSL connection.

 

az mysql server update --resource-group <resourceGroupName> --name

<serverName> --ssl-enforcement Enabled


Default Value:

Azure Database for MySQL when provisioned through the Azure portal or CLI will

require SSL connections by default.


References:

1. https://docs.microsoft.com/en-us/azure/mysql/single-server/concepts-sslconnection-security

2. https://docs.microsoft.com/en-us/azure/mysql/single-server/how-to-configure-ssl

3. https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-

data-protection#dp-3-encrypt-sensitive-data-in-transit