MySQL connection over SSL possible?

Anders Holm anders.holm at
Wed Jun 11 11:30:52 CEST 2008

Indeed, stunnel is one way to go, another might be SSH tunnels, or as another poster mentioned IPSec tunnels.

Yes, data integrity and security of the data is vital, along the whole path from backend storage to end device, so this is just one piece of that puzzle ...

What I'll do short term is to look at ways to create a secure tunnel, and if time permitting see if I can manage to create a patch that someone that has better coding skills then me would then need to sanitize.. :)

I can see a few new options coming out from such a patch

   ssl = yes
   <options to point to various SSL certificate files>

I haven't checked, but from memory I'm not even sure it's possible to specify a port number for the database, need to check that too .. Questions, questions, and so little time .. :)


----- Original Message -----
From: "A L M Buxey" <A.L.M.Buxey at>
To: "FreeRadius users mailing list" <freeradius-users at>
Sent: Monday, June 9, 2008 6:19:30 PM GMT +00:00 GMT Britain, Ireland, Portugal
Subject: Re: MySQL connection over SSL possible?

> No. Driver is sql_mysql.c file in
> src/modules/rlm_sql/drivers/rlm_sql_mysql/ folder of your distribution.
> You will need to edit the source file and recompile to have  freeradius
> mysql client ask for a SSL connection.

hmm, i could see a future with sql.conf containing

ssl = yes

and each SQL driver, if supported, using SSL method to connect.
would probably also need certs etc in the config for this to happen.

for another option, without editing code, use eg stunnel to connect
to the remote SQL server and then tell FreeRADIUS to use the
local end port of the stunnel session.

List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list