Requiring SSL/TLS for all connections to a MySQL DB instance on Amazon RDS - Amazon Relational Database Service

Requiring SSL/TLS for all connections to a MySQL DB instance on Amazon RDS

Use the require_secure_transport parameter to require that all user connections to your MySQL DB instance use SSL/TLS. By default, the require_secure_transport parameter is set to OFF. You can set the require_secure_transport parameter to ON to require SSL/TLS for connections to your DB instance.

You can set the require_secure_transport parameter value by updating the DB parameter group for your DB instance. You don't need to reboot your DB instance for the change to take effect.

When the require_secure_transport parameter is set to ON for a DB instance, a database client can connect to it if it can establish an encrypted connection. Otherwise, an error message similar to the following is returned to the client:

MySQL Error 3159 (HY000): Connections using insecure transport are prohibited while --require_secure_transport=ON.

For information about setting parameters, see Modifying parameters in a DB parameter group in Amazon RDS.

For more information about the require_secure_transport parameter, see the MySQL documentation.