`require_secure_transport`

WARNING

Rule IDs: sec_001

Overview

Purpose: Documented in the MySQL 8.4 manual as a server system variable (scope: Global). Purpose and semantics are described at the linked manual page.
Dynamic (MySQL 8.4 reference): MySQL 8.4 marks this variable as dynamic (Dynamic = Yes). Runtime changes use SET GLOBAL (global scope) or SET SESSION (session scope) — confirm syntax and persistence (SET PERSIST) in the manual.
Default value: OFF (MySQL 8.4)
Version and product notes: MariaDB and Percona Server may use different names, defaults, or dynamic behavior; verify their documentation.
Documentation: https://dev.mysql.com/doc/refman/8.4/en/server-system-variables.html#sysvar_require_secure_transport
Other vendors: MariaDB KB Percona Docs

What is checked

Rules that reference this variable, with their severity and what each rule detects:

WARNING sec_001: Set require_secure_transport=ON to enforce SSL/TLS for all client connections.

Tuning guidance

Recommended actions:
- Set require_secure_transport=ON to enforce SSL/TLS for all client connections.
Trade-offs: Security settings protect against unauthorized access and data exposure. Tighter settings may require application changes (e.g., SSL certificates for require_secure_transport, IP-based grants for skip_name_resolve).

Example

SET GLOBAL require_secure_transport = ON; -- Requires SSL certificates to be configured first

Always validate on a non-production instance first. Use SET PERSIST (MySQL 8.0+) for changes that should survive restarts.

Generated from the MySQL Advisor documentation build. Dynamic Yes/No reflects the excerpt aligned with Oracle MySQL 8.4 reference material consumed by this project.