PHP Versions Question posted in
You can find a list of all versions here.

Codeigniter 3 MySQLi Secure db connection – PHP Versions

Recently my db team upgraded db for encrypted connection. And Our portal built with using Codeigniter 3 started throwing below error.

Severity: Warning

Message: mysqli::real_connect(): (HY000/3159): Connections using insecure transport are prohibited while --require_secure_transport=ON.

Filename: mysqli/mysqli_driver.php

Line Number: 203

Previously before this change on the db side, it was working fine. And when i try to check with Codeigniter forum i was asked to check for the below link.

https://forum.codeigniter.com/thread-77193-post-384725.html#pid384725 –> https://dev.mysql.com/doc/mysql-security-excerpt/8.0/en/using-encrypted-connections.html#using-encrypted-connections-client-side-configuration

We have two sites one built with Sprint boot (Java) which uses simply (useSSL=true) and they don’t get those issues. But Codeigniter started throwing the above error and i do not have clue on that.

Other details:
Codeigniter Version: 3.1.11
PHP 7.3.11

Also Below is my connection string on the codeigniter side.

$db['default'] = array(
    'dsn'   => '',
    'hostname' => 'dbhost',
    'username' => 'dbusername',
    'password' => 'password',
    'database' => 'dbname',
    'dbdriver' => 'mysqli',
    'dbprefix' => '',
    'pconnect' => FALSE,
    'db_debug' => (ENVIRONMENT !== 'production'),
    'cache_on' => FALSE,
    'cachedir' => '',
    'char_set' => 'utf8',
    'dbcollat' => 'utf8_general_ci',
    'swap_pre' => '',
    'encrypt' => FALSE,
    'compress' => FALSE,
    'stricton' => FALSE,
    'failover' => array(),
    'save_queries' => TRUE,
);
Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    I think, i have figured out. It just expecting me the SSL_VERIFY => FALSE, then it got connected with MySQL.

    'encrypt' => [
    'ssl_verify' => FALSE
],

    If i provide ssl_verify => TRUE, then It is expecting all the other parameters ssl_key, ssl_cert and ssl_ca. In my case, it got connected automatically to MySQL with ssl_verify ==> FALSE.

    so SSL_VERIFY false means there is no client side verification needed and hence no cert, ca and key path required. So it is again how your db has been configured. If it is configured to expect the client side verification needed, then you should pass SSL_VERIFY = TRUE with other all other details. But in my case, SSL_VERIFY = FALSE is fine. That could be the JAVA application too didn't face this problem.

    Thank you for everyone support.


  2. 0

    You need some more configurations to set your SSL keys on the MySQL connection.
    In encrypt key create an array and fill it with this key/values.

    ‘ssl_key’ - Path to the private key file
‘ssl_cert’ - Path to the public key certificate file
‘ssl_ca’ - Path to the certificate authority file
‘ssl_capath’ - Path to a directory containing trusted CA certificates in PEM format
‘ssl_cipher’ - List of allowed ciphers to be used for the encryption, separated by colons (‘:’)
‘ssl_verify’ - TRUE/FALSE; Whether to verify the server certificate or not (‘mysqli’ only)
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search