Skip to content

Enforce SSL encrypted DB connections #4568

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 19, 2025
Merged

Enforce SSL encrypted DB connections #4568

merged 1 commit into from
Sep 19, 2025

Conversation

bogsi17
Copy link
Contributor

@bogsi17 bogsi17 commented Sep 9, 2025

  • By setting the rds.force_ssl DB parameter, the DB will only accept SSL encrypted connections.
  • On the client side, the verify-full parameter requires SSL connections and also enforces a certificate verification. For that reason, the public root CA certificate needs to exist on the app

Jira-Issue: MAV-1600

@bogsi17 bogsi17 requested review from a team as code owners September 9, 2025 12:47
@bogsi17 bogsi17 added infrastructure Related to infrastructure changes security labels Sep 9, 2025
TheOneFromNorway
TheOneFromNorway reviewed Sep 9, 2025
View reviewed changes
@bogsi17 bogsi17 force-pushed the enforce_ssl_db_connection branch from feb0c07 to 33c32d5 Compare September 9, 2025 13:31
Base automatically changed from query_execution_plan to next September 9, 2025 14:44
@bogsi17 bogsi17 force-pushed the enforce_ssl_db_connection branch from 33c32d5 to f57f6c0 Compare September 10, 2025 07:31
@bogsi17 bogsi17 added this to the v4.3.0 milestone Sep 10, 2025
@bogsi17
Enforce SSL encrypted DB connections
327f67f 
* By setting the `rds.force_ssl` DB parameter, the DB will only accept SSL encrypted connections.
* On the client side, the `verify-full` parameter requires SSL connections and also enforces a certificate verification. For that reason, the public root CA certificate needs to exist on the app

Jira-Issue: MAV-1600
@bogsi17 bogsi17 force-pushed the enforce_ssl_db_connection branch from f57f6c0 to 327f67f Compare September 19, 2025 09:51
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@thomasleese thomasleese merged commit 6becb75 into next Sep 19, 2025
13 checks passed
@thomasleese thomasleese deleted the enforce_ssl_db_connection branch September 19, 2025 10:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thomasleese thomasleese thomasleese approved these changes

@TheOneFromNorway TheOneFromNorway TheOneFromNorway approved these changes

Assignees
No one assigned
Labels
infrastructure Related to infrastructure changes security
Projects
None yet
Milestone
v4.3.0
Development

Successfully merging this pull request may close these issues.
3 participants
@bogsi17 @thomasleese @TheOneFromNorway