Mariadb and tls

English Applications
1

Leap 16.0 mandates TLS which destroys the crisp responsiveness of mythtv. Using localhost which is free of TLS comparing to the same sw using the same sw on ip using tls is chalk-n-cheese.

Setting (my.cnf)
[client]
ssl-verify-server-cert=OFF

The MariaDB server

[mysqld]
require_secure_transport=OFF

should work, it says it does
MariaDB [(none)]> SHOW VARIABLES LIKE ‘require_secure_transport’;
±-------------------------±------+
| Variable_name | Value |
±-------------------------±------+
| require_secure_transport | OFF |
±-------------------------±------+

but it does not

2025-10-17 14:01:19.077706 I [375929/375929] CoreContext mythcontext.cpp:896:TestDBconnection Start up testing connections. DB 192.168.5.10, BE , attempt 4, status dbStarted, Delay: 2000
2025-10-17 14:01:19.080032 E [375929/375929] CoreContext mythdbcon.cpp:247:OpenDatabase [DBManager4] Unable to connect to database!
2025-10-17 14:01:19.080049 E [375929/375929] CoreContext mythdbcon.cpp:248:OpenDatabase Driver error was [1/2026]:
QMYSQL: Unable to connect
Database error was:
TLS/SSL error: SSL is required, but the server does not support it

2025-10-17 14:01:19.077706 I [375929/375929] CoreContext mythcontext.cpp:896:TestDBconnection Start up testing connections. DB 192.168.5.10, BE , attempt 4, status dbStarted, Delay: 2000
2025-10-17 14:01:19.080032 E [375929/375929] CoreContext mythdbcon.cpp:247:OpenDatabase [DBManager4] Unable to connect to database!
2025-10-17 14:01:19.080049 E [375929/375929] CoreContext mythdbcon.cpp:248:OpenDatabase Driver error was [1/2026]:
QMYSQL: Unable to connect
Database error was:
TLS/SSL error: SSL is required, but the server does not support it

Unless I can find a way to disable this assine behaviour I’l have to drop openSuse
James
PS If anyone is inclined to waffle about security the only access is my wife. I do not think she poses a threat;

2

James, a bit of silly question, but does the MythTV package when installed on Leap 16 depend on TLS? The error message seems to lead in that direction. Maybe it can be shut off in the MythTV config file?

3

Looking at the following MariaDB information:
<Securing Connections for Client and Server>

Starting from 11.4 MariaDB encrypts the transmitted data between the server and clients by default unless the server and client run on the same host.

Before that the default behavior was to transmit the data unencrypted over the network introducing a security concerns as a malicious actor could potentially eavesdrop on the traffic as it is sent over the network between them.

It seems that, you’ve pretty much followed what the MaraDB folks advised but, maybe there’s something in addition which needs to be done.

AFAICS, there’s nothing in Leap 16 as such which forces TLS at a system level –

  • There ain’t nothing in the Release Notes pointing to anything in this direction apart from –

NFS over TLS is now supported for storage traffic.

Therefore, TLS is only triggered by an application – such as MariaDB …

4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.