0

I think my question is similar to C#: how to check if a MySqlConnection is using SSL or not?, but unfortunately it doesn't have good answers because it is unclear maybe. So here's my take:

I have created a new connection:

var connection = new MySqlConnection("Data Source=example.com;Port=3306;Database=Foo;User Id=root;Password=foo;SSL Mode=Required");

How do I verify it uses SSL, is there something like connection.IsOverSSL?

Edit:

I tried using SHOW SESSION STATUS LIKE 'Ssl_cipher', but this gives me Ssl_cipher even if SSL Mode=Required:

The code I use is:

var connection = new MySqlConnection(ConfigurationManager.AppSettings["Test"]);
connection.Open();
var command = new MySqlCommand("SHOW SESSION STATUS LIKE \'Ssl_cipher\'", connection);
MySqlDataReader reader = command.ExecuteReader();
while (reader.Read())
{
    Console.WriteLine(reader.GetString(0));
}

According to https://dev.mysql.com/doc/refman/5.7/en/using-encrypted-connections.html, it should give me Ssl_cipher | DHE-RSA-AES128-GCM-SHA256

sashoalm
  • 75,001
  • 122
  • 434
  • 781
  • 1
    I think there's no specific property provided to check if `MySqlConnection` uses SSL. The nearest way is capturing network traffic with external tool as given in these similar issues: https://stackoverflow.com/questions/42703027/how-determine-if-using-ssl-in-a-mysql-connection & https://stackoverflow.com/questions/14389921/how-to-check-whether-a-mysql-connection-is-ssl-encrypted. – Tetsuya Yamamoto Oct 06 '17 at 09:15

2 Answers2

0

You can look at the connection string for the word "SSL". This would allow you to know if your IDbConnection is using ssl in this case. For a list of the connection strings that you could use with MySql, please visit ConnectionStrings.com. Let me know if this solves your problem.

I would try looking at the connection string. Here is a solution to demonstrate this. 

var connStr = "Data Source=example.com;Port=3306;Database=Foo;User Id=root;Password=foo;SSL Mode=Required";
var sslElement = connStr.Split(';')
    .SingleOrDefault(s => s.StartsWith("SSL", StringComparison.InvariantCultureIgnoreCase));

var sslModeEnabled = (sslElement != null 
    && string.Equals(sslElement.Split('=')[1].Trim(), "None", StringComparison.InvariantCultureIgnoreCase) == false);


Console.WriteLine($"SSL Mode Enabled: {sslModeEnabled}");
dacke.geo
  • 233
  • 2
  • 13
  • My problem is I don't trust the connection string - what if "the word SSL" has no effect? How do you know it does anything? Maybe it's not honored. – sashoalm Oct 06 '17 at 14:55
  • What do you mean you don't trust the connection string? The connection string for MySql must be in a certain format correct? Here is the reference [Chapter 6 Connector/Net Connection-String Options Reference](https://dev.mysql.com/doc/connector-net/en/connector-net-connection-options.html). According to their own documentation, you have only three options for the name. SSL Mode, SslMode, and Ssl-Mode. All three have the word "SSL" in them. The other alternative is to split on the ';' character and find the SSL element and look for its value to validate. Does this help? – dacke.geo Oct 06 '17 at 15:00
  • My connection string already has `SSL Mode=Required`. My question wasn't about that. I am not sure that the flag itself has effect, so I want to independently verify that the connection is actually SSL. – sashoalm Oct 06 '17 at 15:30
0

Turns out I wasn't printing the second column of the query, this now works:

var connection = new MySqlConnection(ConfigurationManager.AppSettings["Test"]);
connection.Open();
var command = new MySqlCommand("SHOW SESSION STATUS LIKE \'Ssl_cipher\'", connection);
MySqlDataReader reader = command.ExecuteReader();
while (reader.Read())
{
    Console.WriteLine($"{reader.GetString(0)}: {reader.GetString(1)}");
}

It prints Ssl_cipher: AES256-SHA for SSL Mode=Required, and Ssl_cipher: for SSL Mode=None. On the other hand, I get Ssl_cipher: AES256-SHA even if SSL Mode is missing altogether so maybe it's on by default.

sashoalm
  • 75,001
  • 122
  • 434
  • 781