Azure Advisor for MySql suggesting updating TLS version to 1.2 - server already running 'tls_version: TLSv 1.2'

Azure advisor has recommended: Your Azure Database for MySQL - Flexible Server is vulnerable using weak, deprecated TLSv1 or TLSv1.1 protocols

I have checked my tls_version on my MySql server and returned TLSv1.2.

Unsure why Azure thinks I am running a deprecated TLS version when the only version listed is TLSv1.2. Help would be appreciated. Thanks.



Solution 1:[1]

It's not that you actually use the obsolete old versions of TLS, it's that your MySql server can use them. That's a vulnerability because cybercreeps can try to connect to your server with them and then exploit their weaknesses.

Writeup here.

Say this to MySql: SHOW GLOBAL VARIABLES LIKE 'tls_version'. You'll probably see something like TLSv1,TLSv1.1,TLSv1.2.

You can change this system variable to say just TLSv1.2 at MySql server startup time. Doing so will remove the vulnerability. (Changing the startup configuration is described in the linked article, and it's tricky enough that you should read the article; I don't want to try to give you a short version here, because the exact configurations can be OS and MySql version dependent.)

Or the security advisor program you use has it wrong. That is possible.
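
To check from the client side which protocol versions your own server will actually negotiate, independent of what tls_version or the advisor reports, the following added Python example (not part of the original answer) speaks just enough of the MySQL wire protocol to request TLS and then pins the handshake to a single version. The function names are made up for this example; it skips certificate verification because only the protocol version is being tested, and it assumes the local OpenSSL build can still offer TLS 1.0/1.1.

```python
import socket
import ssl
import struct

CLIENT_PROTOCOL_41 = 0x0200
CLIENT_SSL = 0x0800  # capability bit: connection can be upgraded to TLS
CLIENT_SECURE_CONNECTION = 0x8000

def server_capabilities(greeting: bytes) -> int:
    """Return the 32-bit capability flags from a HandshakeV10 payload."""
    if greeting[0] != 10:
        raise ValueError("not a protocol-10 greeting (possibly an ERR packet)")
    # Skip the NUL-terminated version string, thread id (4), salt part 1 (8), filler (1).
    pos = greeting.index(b"\x00", 1) + 1 + 4 + 8 + 1
    lower, _charset, _status, upper = struct.unpack_from("<HBHH", greeting, pos)
    return lower | (upper << 16)

def ssl_request() -> bytes:
    """Build the SSLRequest packet (sequence id 1) a client sends before the TLS handshake."""
    caps = CLIENT_PROTOCOL_41 | CLIENT_SSL | CLIENT_SECURE_CONNECTION
    payload = struct.pack("<IIB23x", caps, 1 << 24, 45)  # flags, max packet, charset, filler
    return len(payload).to_bytes(3, "little") + b"\x01" + payload

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
    return buf

def accepts(host: str, version: ssl.TLSVersion, port: int = 3306) -> bool:
    """True if the server completes a TLS handshake pinned to exactly `version`."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE         # probe only: tests the protocol, not the certificate
    ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # otherwise OpenSSL may refuse to offer TLS 1.0/1.1
    ctx.minimum_version = ctx.maximum_version = version
    with socket.create_connection((host, port), timeout=5) as sock:
        length = int.from_bytes(_recv_exact(sock, 4)[:3], "little")
        if not server_capabilities(_recv_exact(sock, length)) & CLIENT_SSL:
            return False                    # server does not offer TLS at all
        sock.sendall(ssl_request())
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
        except (ssl.SSLError, OSError):
            return False
```

Call `accepts("<your-server-hostname>", ssl.TLSVersion.TLSv1)` and repeat with `TLSv1_1` and `TLSv1_2`. Trust a refusal of the old versions only if the `TLSv1_2` call returns True, since a False can also come from a client OpenSSL build that cannot offer the old protocol.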

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 O. Jones