How to make an ssl based tcp connection to memsql in Go

Question

I'm trying to setup an ssl based tcp connection to memsql using Go.

The application/services are running as openshift pods and written in Go.

1. Can I have one-way authentication to memsql from the service?
2. Do I need to enable any port in memsql to listen for tls based ssl connection?
3. Apart from updating the DSN in my service to tls=true, what can be the alternative to customise this configuration.
4. Can someone suggest an efficient way to connect to memsql with ssl enabled?

I've followed the memsql documentation and inserted the certificates to memsql master and aggregator, as well as made the permission check enabled, but still I'm able to get into the memsql without giving the rootCertificate in the login.

Currently the connection is established by following code:

db, err := sql.Open("mysql", DSN) and
DSN=root:@tcp(IPAddress:3306)/riodev?interpolateParams=true&parseTime=true

Answer 1

1. Can you clarify what your question is? The SSL authentication is one-way, the client verifies the server. The server verifies the client via their login information.

2. No, MemSQL uses the same port for SSL and non-SSL connections.

3. You may also need to configure the SSL certificate, as described in https://github.com/go-sql-driver/mysql#tls.

4. Most client libraries support connecting with SSL.

I've followed the memsql documentation and inserted the certificates to memsql master and aggregator, as well as made the permission check enabled, but still I'm able to get into the memsql without giving the rootCertificate in the login.

Is it possible the connection is already using SSL? It may be using SSL-preferred mode without verifying the certificate.