MySQL Database server “enforce SSL connection” should be enabled

Description

MySQL Database server “enforce SSL connection” should be enabled. Enforcing SSL connections between your database server and your client applications helps protect against “man in the middle” attacks by encrypting the data stream between the server and your application.

Remediation Steps

Azure Portal

  • Navigate to SQL Servers.

  • Select the MySQL server.

  • In the left navigation under Settings, select Connection security.

  • In SSL settings, select Enable.

  • Click Save.

Azure CLI

  • To enforce SSL connections on the MySQL Database server:

az mysql server update --resource-group <resourceGroupName> --name <serverName> --ssl-enforcement Enabled

Azure Resource Manager

{
  "properties": {
    "sslEnforcement": "Enabled"
  }
  // other required fields here
}

Example Configuration

{
  "type": "Microsoft.DBforMySQL/servers",
  "apiVersion": "2017-12-01",
  "name": "TestServer",
  "properties": {
    "sslEnforcement": "Enabled"
  }
  // other required fields here
}
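
A check for the ARM setting above, added here as an example and not part of the original page: it scans the top-level resources of a parsed template and reports each Microsoft.DBforMySQL/servers entry whose sslEnforcement is not the literal "Enabled". The function name, the sample template (apart from TestServer), and the choice to report a missing or parameterised value as a finding are assumptions.

```python
import json

MYSQL_SERVER_TYPE = "microsoft.dbformysql/servers"

# Constructed sample template (assumption); only TestServer comes from the page.
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {"type": "Microsoft.DBforMySQL/servers", "apiVersion": "2017-12-01",
     "name": "TestServer", "properties": {"sslEnforcement": "Enabled"}},
    {"type": "Microsoft.DBforMySQL/servers", "apiVersion": "2017-12-01",
     "name": "legacy-db", "properties": {"sslEnforcement": "Disabled"}},
    {"type": "Microsoft.DBforMySQL/servers", "apiVersion": "2017-12-01",
     "name": "unset-db", "properties": {}},
    {"type": "Microsoft.DBforMySQL/servers", "apiVersion": "2017-12-01",
     "name": "param-db",
     "properties": {"sslEnforcement": "[parameters('sslEnforcement')]"}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "notadatabase",
     "properties": {}}
  ]
}
""")


def find_unenforced_mysql(template):
    """Return (name, reason) pairs for MySQL servers not pinned to Enabled."""
    findings = []
    for res in template.get("resources", []):
        # ARM resource types are matched case-insensitively.
        if str(res.get("type", "")).lower() != MYSQL_SERVER_TYPE:
            continue
        name = res.get("name", "<unnamed>")
        value = (res.get("properties") or {}).get("sslEnforcement")
        if value is None:
            findings.append((name, "sslEnforcement is not set"))
        elif isinstance(value, str) and value.startswith("[") and not value.startswith("[["):
            # Template expression: the effective value depends on the deployment.
            findings.append((name, "sslEnforcement is an expression: " + value))
        elif value != "Enabled":
            findings.append((name, "sslEnforcement is %r" % (value,)))
    return findings


if __name__ == "__main__":
    for name, reason in find_unenforced_mysql(SAMPLE_TEMPLATE):
        print("FAIL %s: %s" % (name, reason))
```

An expression-valued setting is reported rather than passed because the template alone cannot show what the deployment will supply.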

Terraform

  • Ensure that an azurerm_mysql_server resource contains the following:

    • ssl_enforcement_enabled = true

Example Configuration

resource "azurerm_mysql_server" "example" {
  ssl_enforcement_enabled = true

  # other required fields here
}