PHP 5.6, MySQL, SSL and self-signed certificates

After upgrading to PHP 5.6, I recently ran into some problems with secure MySQL connections. This applies to MySQLi as well as PDO.

Here are my settings:

MySQLi:

$db->ssl_set('/etc/mysql/certs/client-key.pem', '/etc/mysql/certs/client-cert.pem', '/etc/mysql/certs/ca-cert.pem', NULL, NULL);

PDO:

array(
 PDO::MYSQL_ATTR_SSL_KEY    => '/path/to/client-key.pem',
 PDO::MYSQL_ATTR_SSL_CERT   => '/path/to/client-cert.pem',
 PDO::MYSQL_ATTR_SSL_CA     => '/path/to/ca-cert.pem'
)

Firstly, I get the error message "dh key too small".

Secondly, I get the error "certificate verification failed."

I am using a self-signed certificate that was generated using openssl according to this tutorial.

+4
1 answer

After a series of studies, I found the answers to my problems:

1. Error "dh key too small"

- logjam DH 768 , MySQL - 512 . (: MySQL 5.7). , . CAMELLIA128-.

MySQLi:

$db->ssl_set('/etc/mysql/certs/client-key.pem', '/etc/mysql/certs/client-cert.pem', '/etc/mysql/certs/ca-cert.pem', NULL, 'CAMELLIA128-SHA');

PDO:

array(
 PDO::MYSQL_ATTR_SSL_KEY    => '/path/to/client-key.pem',
 PDO::MYSQL_ATTR_SSL_CERT   => '/path/to/client-cert.pem',
 PDO::MYSQL_ATTR_SSL_CA     => '/path/to/ca-cert.pem',
 PDO::MYSQL_ATTR_SSL_CIPHER => 'CAMELLIA128-SHA'
)

2. Error "certificate verification failed"

" " :

CA: hostname 
Server: FQDN, e.g. hostname.example.com 
Client: somename

, , , , . hostname.example.com.

+4
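
The Common Name layout from the answer above, as an added example that is not part of the original answer: it builds throwaway certificates in memory with PHP's openssl extension and checks their names before a connection is attempted. The helper names (`newKey`, `issue`, `commonName`, `nameProblems`) are hypothetical, and the two rules checked (the server CN equals the host given to the connect call, the CA CN is not reused by the server or client certificate) are assumptions read from the CN table.

```php
<?php
// Added example. Helper names are hypothetical; certificates are throwaway and
// generated in memory (constructed sample data), nothing is written to disk.

function newKey() {
    return openssl_pkey_new(['private_key_bits' => 2048,
                             'private_key_type' => OPENSSL_KEYTYPE_RSA]);
}

// Issue a certificate for $cn. With $caPem = null the certificate is self-signed.
function issue(string $cn, $key, ?string $caPem = null, $caKey = null): string {
    $csr  = openssl_csr_new(['commonName' => $cn], $key, ['digest_alg' => 'sha256']);
    $cert = openssl_csr_sign($csr, $caPem, $caKey ?? $key, 365, ['digest_alg' => 'sha256']);
    if ($cert === false || !openssl_x509_export($cert, $pem)) {
        throw new RuntimeException("could not issue certificate for $cn");
    }
    return $pem;
}

function commonName(string $pem): string {
    $info = openssl_x509_parse($pem);
    if ($info === false || !isset($info['subject']['CN'])) {
        throw new RuntimeException('certificate has no readable CN');
    }
    return $info['subject']['CN'];
}

// Returns a list of problems; an empty list means the names are consistent.
function nameProblems(string $caPem, string $serverPem, string $clientPem, string $dbHost): array {
    $ca = commonName($caPem); $server = commonName($serverPem); $client = commonName($clientPem);
    $problems = [];
    if (strcasecmp($server, $dbHost) !== 0) {
        $problems[] = "server CN '$server' does not match connect host '$dbHost'";
    }
    if ($ca === $server || $ca === $client) {
        $problems[] = "CA CN '$ca' is reused by the server or client certificate";
    }
    return $problems;
}

// CN layout from the answer: CA "hostname", server FQDN, client "somename".
$caKey  = newKey();
$caPem  = issue('hostname', $caKey);
$srvPem = issue('hostname.example.com', newKey(), $caPem, $caKey);
$cliPem = issue('somename', newKey(), $caPem, $caKey);

var_dump(nameProblems($caPem, $srvPem, $cliPem, 'hostname.example.com'));
var_dump(nameProblems($caPem, $srvPem, $cliPem, 'hostname'));
```

The second call connects by the short name while the server certificate carries the FQDN, which is the mismatch the check reports.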
