Remote MySQL backend encryption

John Dennis jdennis at
Mon Apr 26 21:04:17 CEST 2010

On 04/26/2010 01:57 PM, Eric.Hernandez at wrote:
> Hi,
> I am trying to figure out if need to encrypt my traffic from a
> FreeRadius server to a remote MySQL backend.
> I have the following setup.
> FreeRadius/MySQL (Server1)
> FreeRadius/MySQL (Server2) Both Server1 and Server2 are doing MySQL
> Master to Master (ssl) Replication
> Now I want to add a third FreeRadius server without a local MySQL Backend.
> So this third server will point to either Server1 or Server2 which runs
> MySQL but will these request be sent to the remote MySQL Servers in
> clear text?

This has nothing to do with how many MySQL servers you've got or how 
you're doing replication, encryption occurs on a per connection basis 
(e.g. connections established via rlm_sql_mysql). rlm_sql_mysql never 
opens an encrypted session with it's server because rlm_sql_mysql does 
not have an option to set SSL/TLS transport (e.g. does not call 
mysql_ssl_set()). That probably would be a good feature to add.

John Dennis <jdennis at>

Looking to carve out IT costs?

More information about the Freeradius-Users mailing list