Improving the security and usability of TLS in MariaDB

Presentation materials

PDF Improving the security and usability of TLS in MariaDB

Date and time

  • Wednesday 4 October, 16:55 – 17:40 EET (UTC+3)


Transport Layer Security (TLS) provides encryption and peer authentication for most networked applications today, including MariaDB. Used correctly, it can guarantee the creation of an end-to-end encrypted channel, even against attackers who can inspect and modify traffic in a pervasive and stateful way.

MariaDB uses TLS in several incorrect and unsafe ways, and also makes it hard to configure correctly. I will describe the resulting bugs and vulnerabilities, and suggest fixes and improvements.

Daniel Lenski, Amazon Web Services

Daniel Lenski has been a member of the MySQL/MariaDB open-source core team at Amazon Web Services for 2 years, focusing on improving development, build, and test processes with the goals of improving correctness and reliability of the MariaDB and MySQL database engines.

He is also a core developer of the open-source OpenConnect VPN client, which uses TLS (as well as DTLS and ESP) to support connections to an ever-expanding number of VPN protocols in a consistent way.