You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@guacamole.apache.org by GitBox <gi...@apache.org> on 2020/06/22 11:22:55 UTC
[GitHub] [guacamole-manual] necouchman commented on a change in pull request #140: GUACAMOLE-728: Document SSL properties for MySQL and PostgreSQL.
necouchman commented on a change in pull request #140:
URL: https://github.com/apache/guacamole-manual/pull/140#discussion_r443490201
##########
File path: src/chapters/jdbc-auth.xml
##########
@@ -98,6 +98,113 @@
</varlistentry>
</variablelist>
</para>
+ <para>The MySQL Driver implements several parameters specific to conifiguring
+ SSL for secure connections to MySQL servers that support or require
+ encrypted communications. The parameters are as follows:</para>
+ <informaltable frame="all">
+ <tgroup cols="2">
+ <colspec colname="c1" colnum="1" colwidth="1*"/>
+ <colspec colname="c2" colnum="2" colwidth="3.55*"/>
+ <thead>
+ <row>
+ <entry>Property</entry>
+ <entry>Description</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry><property>mysql-ssl-mode</property></entry>
+ <entry>
+ <para>This property sets the SSL mode that the JDBC
+ driver will attempt to use when communicating
+ with the remote MySQL server. The values for
+ this property match the standard values supported
+ by the MySQL and MariaDB JDBC drivers:</para>
+ <variablelist>
+ <varlistentry>
+ <term>disabled</term>
+ <listitem>
+ <para>Do not use SSL, and fail if the
+ server requires it. For Guacamole
+ this is the default.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>preferred</term>
+ <listitem>
+ <para>Prefer SSL, but fall back to
+ plaint-text if an SSL connection
+ cannot be negotiated.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>required</term>
+ <listitem>
+ <para>Require SSL connection, and fail
+ if SSL cannot be negotiated. Does not
+ perform any validity checks on the
+ certificate issued by the server, the
+ issuer, etc.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>verify-ca</term>
+ <listitem>
+ <para>Require SSL connection, and check
+ to make sure that the certificate issuer
+ is known to be valid.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>verify-identity</term>
+ <listitem>
+ <para>Require SSL connection, and check
+ to make sure that the server certificate
+ is issued by a known authority, and that
+ the identity of the server matches the
+ identity on the certificate.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </entry>
+ </row>
+ <row>
+ <entry><property>mysql-ssl-trust-store</property></entry>
+ <entry>
+ <para>The file that will store trusted SSL certificates
+ for the JDBC driver to use when validating CA and
+ server certificates. This should be a JKS-formatted
+ certificate store. This property is optional and
+ defaults to Java's normal trusted certificate
+ locations, which varies based on the version of
+ Java in use.</para>
+ </entry>
+ </row>
+ <row>
+ <entry><property>mysql-ssl-trust-password</property></entry>
+ <entry>
+ <para>A password to use to access the SSL trusted
+ certificate store, if one is required. By default
+ this is undefined.</para>
+ </entry>
+ </row>
+ <row>
+ <entry><property>mysql-ssl-client-store</property></entry>
+ <entry>
+ <para></para>
+ </entry>
+ </row>
+ <row>
+ <entry><property>mysql-ssl-client-password</property></entry>
+ <entry>
+ <para>The password Guacamole should provide when authenticating with
+ the database. This is given as "some_password" in the examples
+ given in this chapter.</para>
Review comment:
Oops, copy-pasta...
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org