AWS AmazonRDS high security documentation change
Summary
Changed default value of require_secure_transport parameter to ON for MariaDB 11.8+ to enforce SSL/TLS by default
Security assessment
Enforcing SSL/TLS by default in newer MariaDB versions addresses potential security risks from unencrypted connections (e.g., data interception). This is a proactive security hardening measure against man-in-the-middle attacks.
Diff
diff --git a/AmazonRDS/latest/UserGuide/mariadb-ssl-connections.require-ssl.md b/AmazonRDS/latest/UserGuide/mariadb-ssl-connections.require-ssl.md index aba5fb22a..4770a8146 100644 --- a//AmazonRDS/latest/UserGuide/mariadb-ssl-connections.require-ssl.md +++ b//AmazonRDS/latest/UserGuide/mariadb-ssl-connections.require-ssl.md @@ -7 +7 @@ -Use the `require_secure_transport` parameter to require that all user connections to your MariaDB DB instance use SSL/TLS. By default, the `require_secure_transport` parameter is set to `OFF`. You can set the `require_secure_transport` parameter to `ON` to require SSL/TLS for connections to your DB instance. +Use the `require_secure_transport` parameter to require that all user connections to your MariaDB DB instance use SSL/TLS. For versions 11.4 and earlier, the `require_secure_transport` parameter is set to `OFF` by default. For 11.8 and later versions, the default value is set to `ON`, enforcing SSL/TLS for connections to your DB instance. You can change the `require_secure_transport` parameter to `OFF` if non-secure connections are needed.