Search code examples
phpmysqlcodeignitermysqlicodeigniter-3

Codeigniter 3 MySQLi Secure db connection

Recently my db team upgraded db for encrypted connection. And Our portal built with using Codeigniter 3 started throwing below error.

Severity: Warning

Message: mysqli::real_connect(): (HY000/3159): Connections using insecure transport are prohibited while --require_secure_transport=ON.

Filename: mysqli/mysqli_driver.php

Line Number: 203

Previously before this change on the db side, it was working fine. And when i try to check with Codeigniter forum i was asked to check for the below link.

https://forum.codeigniter.com/thread-77193-post-384725.html#pid384725 --> https://dev.mysql.com/doc/mysql-security-excerpt/8.0/en/using-encrypted-connections.html#using-encrypted-connections-client-side-configuration

We have two sites one built with Sprint boot (Java) which uses simply (useSSL=true) and they don't get those issues. But Codeigniter started throwing the above error and i do not have clue on that.

Other details: Codeigniter Version: 3.1.11 PHP 7.3.11

Also Below is my connection string on the codeigniter side.

$db['default'] = array(
    'dsn'   => '',
    'hostname' => 'dbhost',
    'username' => 'dbusername',
    'password' => 'password',
    'database' => 'dbname',
    'dbdriver' => 'mysqli',
    'dbprefix' => '',
    'pconnect' => FALSE,
    'db_debug' => (ENVIRONMENT !== 'production'),
    'cache_on' => FALSE,
    'cachedir' => '',
    'char_set' => 'utf8',
    'dbcollat' => 'utf8_general_ci',
    'swap_pre' => '',
    'encrypt' => FALSE,
    'compress' => FALSE,
    'stricton' => FALSE,
    'failover' => array(),
    'save_queries' => TRUE,
);
Solution

  • I think, i have figured out. It just expecting me the SSL_VERIFY => FALSE, then it got connected with MySQL.

    'encrypt' => [
    'ssl_verify' => FALSE
],

    If i provide ssl_verify => TRUE, then It is expecting all the other parameters ssl_key, ssl_cert and ssl_ca. In my case, it got connected automatically to MySQL with ssl_verify ==> FALSE.

    so SSL_VERIFY false means there is no client side verification needed and hence no cert, ca and key path required. So it is again how your db has been configured. If it is configured to expect the client side verification needed, then you should pass SSL_VERIFY = TRUE with other all other details. But in my case, SSL_VERIFY = FALSE is fine. That could be the JAVA application too didn't face this problem.

    Thank you for everyone support.