AWS Security ChangesHomeSearch

AWS AmazonRDS high security documentation change

Service: AmazonRDS · 2025-08-28 · Security-related high

File: AmazonRDS/latest/UserGuide/mariadb-ssl-connections.require-ssl.md

Summary

Changed default value of require_secure_transport parameter to ON for MariaDB 11.8+ to enforce SSL/TLS by default

Security assessment

Enforcing SSL/TLS by default in newer MariaDB versions addresses potential security risks from unencrypted connections (e.g., data interception). This is a proactive security hardening measure against man-in-the-middle attacks.

Diff

diff --git a/AmazonRDS/latest/UserGuide/mariadb-ssl-connections.require-ssl.md b/AmazonRDS/latest/UserGuide/mariadb-ssl-connections.require-ssl.md
index aba5fb22a..4770a8146 100644
--- a//AmazonRDS/latest/UserGuide/mariadb-ssl-connections.require-ssl.md
+++ b//AmazonRDS/latest/UserGuide/mariadb-ssl-connections.require-ssl.md
@@ -7 +7 @@
-Use the `require_secure_transport` parameter to require that all user connections to your MariaDB DB instance use SSL/TLS. By default, the `require_secure_transport` parameter is set to `OFF`. You can set the `require_secure_transport` parameter to `ON` to require SSL/TLS for connections to your DB instance.
+Use the `require_secure_transport` parameter to require that all user connections to your MariaDB DB instance use SSL/TLS. For versions 11.4 and earlier, the `require_secure_transport` parameter is set to `OFF` by default. For 11.8 and later versions, the default value is set to `ON`, enforcing SSL/TLS for connections to your DB instance. You can change the `require_secure_transport` parameter to `OFF` if non-secure connections are needed.