MDEV-13362: implement --require_secure_transport option

Currently, if a user wants to require TLS for every connection made over the network, then every user account on the system needs to be created with "REQUIRE SSL" or one of the other TLS options. Implementing a require_secure_transport system varuable (which, in particular, can be set using the --require_secure_transport=ON command line option) in the MariaDB Server would make it a lot easier to require TLS (or other secure transport) system-wide. This patch implements this new system variable, adds the ability to set it with SQL statements, from the command line and from the configuration file, and also contains improvements for mtr that allow the user to establish non-secure TCP/IP connections (for example, to verify the operation of the new option).
6 years ago · 28fabc86db
14 changed files with 204 additions and 61 deletions
--- a/client/mysqltest.cc
+++ b/client/mysqltest.cc
@ -5893,13 +5893,21 @@ do_handle_error:

 */

+enum use_ssl
+{
+  USE_SSL_FORBIDDEN = -1,
+  USE_SSL_IF_POSSIBLE,
+  USE_SSL_REQUIRED
+};
+
 void do_connect(struct st_command *command)
 {
+  uint protocol= opt_protocol;
  int con_port= opt_port;
  char *con_options;
  char *ssl_cipher __attribute__((unused))= 0;
-  my_bool con_ssl= 0, con_compress= 0;
-  my_bool con_pipe= 0;
+  enum use_ssl con_ssl= USE_SSL_IF_POSSIBLE;
+  my_bool con_compress= 0;
  int read_timeout= 0;
  int write_timeout= 0;
  int connect_timeout= 0;
@ -5981,16 +5989,38 @@ void do_connect(struct st_command *command)
      end++;
    length= (size_t) (end - con_options);
    if (length == 3 && !strncmp(con_options, "SSL", 3))
-      con_ssl= 1;
+      con_ssl= USE_SSL_REQUIRED;
+    else if (length == 5 && !strncmp(con_options, "NOSSL", 5))
+      con_ssl= USE_SSL_FORBIDDEN;
    else if (!strncmp(con_options, "SSL-CIPHER=", 11))
    {
-      con_ssl= 1;
+      con_ssl= USE_SSL_REQUIRED;
      ssl_cipher=con_options + 11;
    }
    else if (length == 8 && !strncmp(con_options, "COMPRESS", 8))
      con_compress= 1;
+    else if (length == 3 && !strncmp(con_options, "TCP", 3))
+      protocol= MYSQL_PROTOCOL_TCP;
+    else if (length == 7 && !strncmp(con_options, "DEFAULT", 7))
+      protocol= MYSQL_PROTOCOL_DEFAULT;
    else if (length == 4 && !strncmp(con_options, "PIPE", 4))
-      con_pipe= 1;
+    {
+#ifdef _WIN32
+      protocol= MYSQL_PROTOCOL_PIPE;
+#endif
+    }
+    else if (length == 6 && !strncmp(con_options, "SOCKET", 6))
+    {
+#ifndef _WIN32
+      protocol= MYSQL_PROTOCOL_SOCKET;
+#endif
+    }
+    else if (length == 6 && !strncmp(con_options, "MEMORY", 6))
+    {
+#ifdef _WIN32
+      protocol= MYSQL_PROTOCOL_MEMORY;
+#endif
+    }
    else if (strncasecmp(con_options, "read_timeout=",
                         sizeof("read_timeout=")-1) == 0)
    {
@ -6051,14 +6081,13 @@ void do_connect(struct st_command *command)
  if (opt_charsets_dir)
    mysql_options(con_slot->mysql, MYSQL_SET_CHARSET_DIR,
                  opt_charsets_dir);
+
 #if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
-  if (opt_use_ssl)
-    con_ssl= 1;
-#endif
+  if (con_ssl == USE_SSL_IF_POSSIBLE && opt_use_ssl)
+    con_ssl= USE_SSL_REQUIRED;

-  if (con_ssl)
+  if (con_ssl == USE_SSL_REQUIRED)
  {
-#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
    mysql_ssl_set(con_slot->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
 		  opt_ssl_capath, ssl_cipher ? ssl_cipher : opt_ssl_cipher);
    mysql_options(con_slot->mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl);
@ -6069,19 +6098,12 @@ void do_connect(struct st_command *command)
    opt_ssl_verify_server_cert= !strcmp(ds_host.str, "localhost");
    mysql_options(con_slot->mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
                  &opt_ssl_verify_server_cert);
-#endif
 #endif
  }
-
-  if (con_pipe)
-  {
-#ifdef _WIN32
-    opt_protocol= MYSQL_PROTOCOL_PIPE;
 #endif
-  }

-  if (opt_protocol)
-    mysql_options(con_slot->mysql, MYSQL_OPT_PROTOCOL, (char*) &opt_protocol);
+  if (protocol)
+    mysql_options(con_slot->mysql, MYSQL_OPT_PROTOCOL, (char*) &protocol);

  if (read_timeout)
  {
--- a/mysql-test/main/mysqld--help.result
+++ b/mysql-test/main/mysqld--help.result
@ -1082,6 +1082,10 @@ The following specify which files/extra groups are read (specified before remain
 not sure, leave this option unset
 --report-user=name  The account user name of the slave to be reported to the
 master during slave registration
+ --require-secure-transport 
+ When this option is enabled, connections attempted using
+ insecure transport will be rejected. Secure transports
+ are SSL/TLS, Unix sockets or named pipes.
 --rowid-merge-buff-size=# 
 The size of the buffers used [NOT] IN evaluation via
 partial matching
@ -1734,6 +1738,7 @@ report-host (No default value)
 report-password (No default value)
 report-port 0
 report-user (No default value)
+require-secure-transport FALSE
 rowid-merge-buff-size 8388608
 rpl-semi-sync-master-enabled FALSE
 rpl-semi-sync-master-timeout 10000
--- a/mysql-test/main/require_secure_transport-master.opt
+++ b/mysql-test/main/require_secure_transport-master.opt
@ -0,0 +1 @@
+--require-secure-transport=0
--- a/mysql-test/main/require_secure_transport.result
+++ b/mysql-test/main/require_secure_transport.result
@ -0,0 +1,8 @@
+CREATE TABLE t1 (t int(1));
+SET GLOBAL require_secure_transport=ON;
+ERROR 28000: Access denied for user 'root'@'localhost' (using password: NO)
+connection default;
+SET GLOBAL require_secure_transport=OFF;
+disconnect without_ssl;
+connection default;
+DROP TABLE t1;
--- a/mysql-test/main/require_secure_transport.test
+++ b/mysql-test/main/require_secure_transport.test
@ -0,0 +1,15 @@
+-- source include/have_ssl_communication.inc
+CREATE TABLE t1 (t int(1));
+SET GLOBAL require_secure_transport=ON;
+--disable_query_log
+--error ER_ACCESS_DENIED_ERROR
+connect without_ssl,localhost,root,,,,,TCP NOSSL;
+--enable_query_log
+connection default;
+SET GLOBAL require_secure_transport=OFF;
+--disable_query_log
+connect without_ssl,localhost,root,,,,,TCP NOSSL;
+--enable_query_log
+disconnect without_ssl;
+connection default;
+DROP TABLE t1;
--- a/mysql-test/suite/sys_vars/r/sysvars_server_embedded,32bit.rdiff
+++ b/mysql-test/suite/sys_vars/r/sysvars_server_embedded,32bit.rdiff
@ -1246,8 +1246,8 @@
 VARIABLE_COMMENT	When reading rows in sorted order after a sort, the rows are read through this buffer to avoid a disk seeks
 NUMERIC_MIN_VALUE	1
 NUMERIC_MAX_VALUE	2147483647
-@@ -2995,10 +2995,10 @@
- COMMAND_LINE_ARGUMENT	REQUIRED
+@@ -2905,10 +2905,10 @@
+ COMMAND_LINE_ARGUMENT	OPTIONAL
 VARIABLE_NAME	ROWID_MERGE_BUFF_SIZE
 VARIABLE_SCOPE	SESSION
 -VARIABLE_TYPE	BIGINT UNSIGNED
@ -1259,7 +1259,7 @@
 NUMERIC_BLOCK_SIZE	1
 ENUM_VALUE_LIST	NULL
 READ_ONLY	NO
-@@ -3035,7 +3035,7 @@
+@@ -2945,7 +2945,7 @@
 COMMAND_LINE_ARGUMENT	REQUIRED
 VARIABLE_NAME	SERVER_ID
 VARIABLE_SCOPE	SESSION
@ -1268,7 +1268,7 @@
 VARIABLE_COMMENT	Uniquely identifies the server instance in the community of replication partners
 NUMERIC_MIN_VALUE	1
 NUMERIC_MAX_VALUE	4294967295
-@@ -3105,7 +3105,7 @@
+@@ -3015,7 +3015,7 @@
 COMMAND_LINE_ARGUMENT	OPTIONAL
 VARIABLE_NAME	SLAVE_MAX_ALLOWED_PACKET
 VARIABLE_SCOPE	GLOBAL
@ -1277,7 +1277,7 @@
 VARIABLE_COMMENT	The maximum packet length to sent successfully from the master to slave.
 NUMERIC_MIN_VALUE	1024
 NUMERIC_MAX_VALUE	1073741824
-@@ -3115,7 +3115,7 @@
+@@ -3025,7 +3025,7 @@
 COMMAND_LINE_ARGUMENT	REQUIRED
 VARIABLE_NAME	SLOW_LAUNCH_TIME
 VARIABLE_SCOPE	GLOBAL
@ -1286,7 +1286,7 @@
 VARIABLE_COMMENT	If creating the thread takes longer than this value (in seconds), the Slow_launch_threads counter will be incremented
 NUMERIC_MIN_VALUE	0
 NUMERIC_MAX_VALUE	31536000
-@@ -3158,7 +3158,7 @@
+@@ -3068,7 +3068,7 @@
 VARIABLE_TYPE	BIGINT UNSIGNED
 VARIABLE_COMMENT	Each thread that needs to do a sort allocates a buffer of this size
 NUMERIC_MIN_VALUE	1024
@ -1295,7 +1295,7 @@
 NUMERIC_BLOCK_SIZE	1
 ENUM_VALUE_LIST	NULL
 READ_ONLY	NO
-@@ -3365,7 +3365,7 @@
+@@ -3275,7 +3275,7 @@
 COMMAND_LINE_ARGUMENT	NULL
 VARIABLE_NAME	STORED_PROGRAM_CACHE
 VARIABLE_SCOPE	GLOBAL
@ -1304,7 +1304,7 @@
 VARIABLE_COMMENT	The soft upper limit for number of cached stored routines for one connection.
 NUMERIC_MIN_VALUE	0
 NUMERIC_MAX_VALUE	524288
-@@ -3445,7 +3445,7 @@
+@@ -3355,7 +3355,7 @@
 COMMAND_LINE_ARGUMENT	NULL
 VARIABLE_NAME	TABLE_DEFINITION_CACHE
 VARIABLE_SCOPE	GLOBAL
@ -1313,7 +1313,7 @@
 VARIABLE_COMMENT	The number of cached table definitions
 NUMERIC_MIN_VALUE	400
 NUMERIC_MAX_VALUE	2097152
-@@ -3455,7 +3455,7 @@
+@@ -3365,7 +3365,7 @@
 COMMAND_LINE_ARGUMENT	REQUIRED
 VARIABLE_NAME	TABLE_OPEN_CACHE
 VARIABLE_SCOPE	GLOBAL
@ -1322,7 +1322,7 @@
 VARIABLE_COMMENT	The number of cached open tables
 NUMERIC_MIN_VALUE	10
 NUMERIC_MAX_VALUE	1048576
-@@ -3515,7 +3515,7 @@
+@@ -3425,7 +3425,7 @@
 COMMAND_LINE_ARGUMENT	OPTIONAL
 VARIABLE_NAME	THREAD_CACHE_SIZE
 VARIABLE_SCOPE	GLOBAL
@ -1331,7 +1331,7 @@
 VARIABLE_COMMENT	How many threads we should keep in a cache for reuse. These are freed after 5 minutes of idle time
 NUMERIC_MIN_VALUE	0
 NUMERIC_MAX_VALUE	16384
-@@ -3598,7 +3598,7 @@
+@@ -3508,7 +3508,7 @@
 VARIABLE_TYPE	BIGINT UNSIGNED
 VARIABLE_COMMENT	Max size for data for an internal temporary on-disk MyISAM or Aria table.
 NUMERIC_MIN_VALUE	1024
@ -1340,7 +1340,7 @@
 NUMERIC_BLOCK_SIZE	1
 ENUM_VALUE_LIST	NULL
 READ_ONLY	NO
-@@ -3608,7 +3608,7 @@
+@@ -3518,7 +3518,7 @@
 VARIABLE_TYPE	BIGINT UNSIGNED
 VARIABLE_COMMENT	If an internal in-memory temporary table exceeds this size, MariaDB will automatically convert it to an on-disk MyISAM or Aria table. Same as tmp_table_size.
 NUMERIC_MIN_VALUE	0
@ -1349,7 +1349,7 @@
 NUMERIC_BLOCK_SIZE	1
 ENUM_VALUE_LIST	NULL
 READ_ONLY	NO
-@@ -3618,14 +3618,14 @@
+@@ -3528,14 +3528,14 @@
 VARIABLE_TYPE	BIGINT UNSIGNED
 VARIABLE_COMMENT	Alias for tmp_memory_table_size. If an internal in-memory temporary table exceeds this size, MariaDB will automatically convert it to an on-disk MyISAM or Aria table.
 NUMERIC_MIN_VALUE	0
@ -1366,7 +1366,7 @@
 VARIABLE_COMMENT	Allocation block size for transactions to be stored in binary log
 NUMERIC_MIN_VALUE	1024
 NUMERIC_MAX_VALUE	134217728
-@@ -3635,7 +3635,7 @@
+@@ -3545,7 +3545,7 @@
 COMMAND_LINE_ARGUMENT	REQUIRED
 VARIABLE_NAME	TRANSACTION_PREALLOC_SIZE
 VARIABLE_SCOPE	SESSION
@ -1375,7 +1375,7 @@
 VARIABLE_COMMENT	Persistent buffer for transactions to be stored in binary log
 NUMERIC_MIN_VALUE	1024
 NUMERIC_MAX_VALUE	134217728
-@@ -3775,7 +3775,7 @@
+@@ -3685,7 +3685,7 @@
 COMMAND_LINE_ARGUMENT	NULL
 VARIABLE_NAME	WAIT_TIMEOUT
 VARIABLE_SCOPE	SESSION
@ -1384,7 +1384,7 @@
 VARIABLE_COMMENT	The number of seconds the server waits for activity on a connection before closing it
 NUMERIC_MIN_VALUE	1
 NUMERIC_MAX_VALUE	31536000
-@@ -3802,7 +3802,7 @@
+@@ -3712,7 +3712,7 @@
 VARIABLE_NAME	LOG_TC_SIZE
 GLOBAL_VALUE_ORIGIN	AUTO
 VARIABLE_SCOPE	GLOBAL
--- a/mysql-test/suite/sys_vars/r/sysvars_server_embedded.result
+++ b/mysql-test/suite/sys_vars/r/sysvars_server_embedded.result
@ -2993,6 +2993,16 @@ NUMERIC_BLOCK_SIZE	1
 ENUM_VALUE_LIST	NULL
 READ_ONLY	NO
 COMMAND_LINE_ARGUMENT	REQUIRED
+VARIABLE_NAME	REQUIRE_SECURE_TRANSPORT
+VARIABLE_SCOPE	GLOBAL
+VARIABLE_TYPE	BOOLEAN
+VARIABLE_COMMENT	When this option is enabled, connections attempted using insecure transport will be rejected. Secure transports are SSL/TLS, Unix sockets or named pipes.
+NUMERIC_MIN_VALUE	NULL
+NUMERIC_MAX_VALUE	NULL
+NUMERIC_BLOCK_SIZE	NULL
+ENUM_VALUE_LIST	OFF,ON
+READ_ONLY	NO
+COMMAND_LINE_ARGUMENT	OPTIONAL
 VARIABLE_NAME	ROWID_MERGE_BUFF_SIZE
 VARIABLE_SCOPE	SESSION
 VARIABLE_TYPE	BIGINT UNSIGNED
--- a/mysql-test/suite/sys_vars/r/sysvars_server_notembedded,32bit.rdiff
+++ b/mysql-test/suite/sys_vars/r/sysvars_server_notembedded,32bit.rdiff
@ -1254,8 +1254,8 @@
 VARIABLE_COMMENT	When reading rows in sorted order after a sort, the rows are read through this buffer to avoid a disk seeks
 NUMERIC_MIN_VALUE	1
 NUMERIC_MAX_VALUE	2147483647
-@@ -3355,10 +3355,10 @@
- COMMAND_LINE_ARGUMENT	REQUIRED
+@@ -3265,10 +3265,10 @@
+ COMMAND_LINE_ARGUMENT	OPTIONAL
 VARIABLE_NAME	ROWID_MERGE_BUFF_SIZE
 VARIABLE_SCOPE	SESSION
 -VARIABLE_TYPE	BIGINT UNSIGNED
@ -1267,7 +1267,7 @@
 NUMERIC_BLOCK_SIZE	1
 ENUM_VALUE_LIST	NULL
 READ_ONLY	NO
-@@ -3375,20 +3375,20 @@
+@@ -3285,20 +3285,20 @@
 COMMAND_LINE_ARGUMENT	OPTIONAL
 VARIABLE_NAME	RPL_SEMI_SYNC_MASTER_TIMEOUT
 VARIABLE_SCOPE	GLOBAL
@ -1292,7 +1292,7 @@
 NUMERIC_BLOCK_SIZE	1
 ENUM_VALUE_LIST	NULL
 READ_ONLY	NO
-@@ -3445,10 +3445,10 @@
+@@ -3355,10 +3355,10 @@
 COMMAND_LINE_ARGUMENT	OPTIONAL
 VARIABLE_NAME	RPL_SEMI_SYNC_SLAVE_TRACE_LEVEL
 VARIABLE_SCOPE	GLOBAL
@ -1305,7 +1305,7 @@
 NUMERIC_BLOCK_SIZE	1
 ENUM_VALUE_LIST	NULL
 READ_ONLY	NO
-@@ -3485,7 +3485,7 @@
+@@ -3395,7 +3395,7 @@
 COMMAND_LINE_ARGUMENT	REQUIRED
 VARIABLE_NAME	SERVER_ID
 VARIABLE_SCOPE	SESSION
@ -1314,7 +1314,7 @@
 VARIABLE_COMMENT	Uniquely identifies the server instance in the community of replication partners
 NUMERIC_MIN_VALUE	1
 NUMERIC_MAX_VALUE	4294967295
-@@ -3625,7 +3625,7 @@
+@@ -3535,7 +3535,7 @@
 COMMAND_LINE_ARGUMENT	REQUIRED
 VARIABLE_NAME	SLAVE_DOMAIN_PARALLEL_THREADS
 VARIABLE_SCOPE	GLOBAL
@ -1323,7 +1323,7 @@
 VARIABLE_COMMENT	Maximum number of parallel threads to use on slave for events in a single replication domain. When using multiple domains, this can be used to limit a single domain from grabbing all threads and thus stalling other domains. The default of 0 means to allow a domain to grab as many threads as it wants, up to the value of slave_parallel_threads.
 NUMERIC_MIN_VALUE	0
 NUMERIC_MAX_VALUE	16383
-@@ -3655,7 +3655,7 @@
+@@ -3565,7 +3565,7 @@
 COMMAND_LINE_ARGUMENT	REQUIRED
 VARIABLE_NAME	SLAVE_MAX_ALLOWED_PACKET
 VARIABLE_SCOPE	GLOBAL
@ -1332,7 +1332,7 @@
 VARIABLE_COMMENT	The maximum packet length to sent successfully from the master to slave.
 NUMERIC_MIN_VALUE	1024
 NUMERIC_MAX_VALUE	1073741824
-@@ -3675,7 +3675,7 @@
+@@ -3585,7 +3585,7 @@
 COMMAND_LINE_ARGUMENT	REQUIRED
 VARIABLE_NAME	SLAVE_PARALLEL_MAX_QUEUED
 VARIABLE_SCOPE	GLOBAL
@ -1341,7 +1341,7 @@
 VARIABLE_COMMENT	Limit on how much memory SQL threads should use per parallel replication thread when reading ahead in the relay log looking for opportunities for parallel replication. Only used when --slave-parallel-threads > 0.
 NUMERIC_MIN_VALUE	0
 NUMERIC_MAX_VALUE	2147483647
-@@ -3695,7 +3695,7 @@
+@@ -3605,7 +3605,7 @@
 COMMAND_LINE_ARGUMENT	NULL
 VARIABLE_NAME	SLAVE_PARALLEL_THREADS
 VARIABLE_SCOPE	GLOBAL
@ -1350,7 +1350,7 @@
 VARIABLE_COMMENT	If non-zero, number of threads to spawn to apply in parallel events on the slave that were group-committed on the master or were logged with GTID in different replication domains. Note that these threads are in addition to the IO and SQL threads, which are always created by a replication slave
 NUMERIC_MIN_VALUE	0
 NUMERIC_MAX_VALUE	16383
-@@ -3705,7 +3705,7 @@
+@@ -3615,7 +3615,7 @@
 COMMAND_LINE_ARGUMENT	REQUIRED
 VARIABLE_NAME	SLAVE_PARALLEL_WORKERS
 VARIABLE_SCOPE	GLOBAL
@ -1359,7 +1359,7 @@
 VARIABLE_COMMENT	Alias for slave_parallel_threads
 NUMERIC_MIN_VALUE	0
 NUMERIC_MAX_VALUE	16383
-@@ -3745,7 +3745,7 @@
+@@ -3655,7 +3655,7 @@
 COMMAND_LINE_ARGUMENT	OPTIONAL
 VARIABLE_NAME	SLAVE_TRANSACTION_RETRIES
 VARIABLE_SCOPE	GLOBAL
@ -1368,7 +1368,7 @@
 VARIABLE_COMMENT	Number of times the slave SQL thread will retry a transaction in case it failed with a deadlock, elapsed lock wait timeout or listed in slave_transaction_retry_errors, before giving up and stopping
 NUMERIC_MIN_VALUE	0
 NUMERIC_MAX_VALUE	4294967295
-@@ -3765,7 +3765,7 @@
+@@ -3675,7 +3675,7 @@
 COMMAND_LINE_ARGUMENT	REQUIRED
 VARIABLE_NAME	SLAVE_TRANSACTION_RETRY_INTERVAL
 VARIABLE_SCOPE	GLOBAL
@ -1377,7 +1377,7 @@
 VARIABLE_COMMENT	Interval of the slave SQL thread will retry a transaction in case it failed with a deadlock or elapsed lock wait timeout or listed in slave_transaction_retry_errors
 NUMERIC_MIN_VALUE	0
 NUMERIC_MAX_VALUE	3600
-@@ -3785,7 +3785,7 @@
+@@ -3695,7 +3695,7 @@
 COMMAND_LINE_ARGUMENT	REQUIRED
 VARIABLE_NAME	SLOW_LAUNCH_TIME
 VARIABLE_SCOPE	GLOBAL
@ -1386,7 +1386,7 @@
 VARIABLE_COMMENT	If creating the thread takes longer than this value (in seconds), the Slow_launch_threads counter will be incremented
 NUMERIC_MIN_VALUE	0
 NUMERIC_MAX_VALUE	31536000
-@@ -3828,7 +3828,7 @@
+@@ -3738,7 +3738,7 @@
 VARIABLE_TYPE	BIGINT UNSIGNED
 VARIABLE_COMMENT	Each thread that needs to do a sort allocates a buffer of this size
 NUMERIC_MIN_VALUE	1024
@ -1395,7 +1395,7 @@
 NUMERIC_BLOCK_SIZE	1
 ENUM_VALUE_LIST	NULL
 READ_ONLY	NO
-@@ -4045,7 +4045,7 @@
+@@ -3955,7 +3955,7 @@
 COMMAND_LINE_ARGUMENT	NULL
 VARIABLE_NAME	STORED_PROGRAM_CACHE
 VARIABLE_SCOPE	GLOBAL
@ -1404,7 +1404,7 @@
 VARIABLE_COMMENT	The soft upper limit for number of cached stored routines for one connection.
 NUMERIC_MIN_VALUE	0
 NUMERIC_MAX_VALUE	524288
-@@ -4145,7 +4145,7 @@
+@@ -4055,7 +4055,7 @@
 COMMAND_LINE_ARGUMENT	NULL
 VARIABLE_NAME	TABLE_DEFINITION_CACHE
 VARIABLE_SCOPE	GLOBAL
@ -1413,7 +1413,7 @@
 VARIABLE_COMMENT	The number of cached table definitions
 NUMERIC_MIN_VALUE	400
 NUMERIC_MAX_VALUE	2097152
-@@ -4155,7 +4155,7 @@
+@@ -4065,7 +4065,7 @@
 COMMAND_LINE_ARGUMENT	REQUIRED
 VARIABLE_NAME	TABLE_OPEN_CACHE
 VARIABLE_SCOPE	GLOBAL
@ -1422,7 +1422,7 @@
 VARIABLE_COMMENT	The number of cached open tables
 NUMERIC_MIN_VALUE	10
 NUMERIC_MAX_VALUE	1048576
-@@ -4215,7 +4215,7 @@
+@@ -4125,7 +4125,7 @@
 COMMAND_LINE_ARGUMENT	OPTIONAL
 VARIABLE_NAME	THREAD_CACHE_SIZE
 VARIABLE_SCOPE	GLOBAL
@ -1431,7 +1431,7 @@
 VARIABLE_COMMENT	How many threads we should keep in a cache for reuse. These are freed after 5 minutes of idle time
 NUMERIC_MIN_VALUE	0
 NUMERIC_MAX_VALUE	16384
-@@ -4388,7 +4388,7 @@
+@@ -4298,7 +4298,7 @@
 VARIABLE_TYPE	BIGINT UNSIGNED
 VARIABLE_COMMENT	Max size for data for an internal temporary on-disk MyISAM or Aria table.
 NUMERIC_MIN_VALUE	1024
@ -1440,7 +1440,7 @@
 NUMERIC_BLOCK_SIZE	1
 ENUM_VALUE_LIST	NULL
 READ_ONLY	NO
-@@ -4398,7 +4398,7 @@
+@@ -4308,7 +4308,7 @@
 VARIABLE_TYPE	BIGINT UNSIGNED
 VARIABLE_COMMENT	If an internal in-memory temporary table exceeds this size, MariaDB will automatically convert it to an on-disk MyISAM or Aria table. Same as tmp_table_size.
 NUMERIC_MIN_VALUE	0
@ -1449,7 +1449,7 @@
 NUMERIC_BLOCK_SIZE	1
 ENUM_VALUE_LIST	NULL
 READ_ONLY	NO
-@@ -4408,14 +4408,14 @@
+@@ -4318,14 +4318,14 @@
 VARIABLE_TYPE	BIGINT UNSIGNED
 VARIABLE_COMMENT	Alias for tmp_memory_table_size. If an internal in-memory temporary table exceeds this size, MariaDB will automatically convert it to an on-disk MyISAM or Aria table.
 NUMERIC_MIN_VALUE	0
@ -1466,7 +1466,7 @@
 VARIABLE_COMMENT	Allocation block size for transactions to be stored in binary log
 NUMERIC_MIN_VALUE	1024
 NUMERIC_MAX_VALUE	134217728
-@@ -4425,7 +4425,7 @@
+@@ -4335,7 +4335,7 @@
 COMMAND_LINE_ARGUMENT	REQUIRED
 VARIABLE_NAME	TRANSACTION_PREALLOC_SIZE
 VARIABLE_SCOPE	SESSION
@ -1475,7 +1475,7 @@
 VARIABLE_COMMENT	Persistent buffer for transactions to be stored in binary log
 NUMERIC_MIN_VALUE	1024
 NUMERIC_MAX_VALUE	134217728
-@@ -4565,7 +4565,7 @@
+@@ -4475,7 +4475,7 @@
 COMMAND_LINE_ARGUMENT	NULL
 VARIABLE_NAME	WAIT_TIMEOUT
 VARIABLE_SCOPE	SESSION
@ -1484,7 +1484,7 @@
 VARIABLE_COMMENT	The number of seconds the server waits for activity on a connection before closing it
 NUMERIC_MIN_VALUE	1
 NUMERIC_MAX_VALUE	31536000
-@@ -4592,7 +4592,7 @@
+@@ -4502,7 +4502,7 @@
 VARIABLE_NAME	LOG_TC_SIZE
 GLOBAL_VALUE_ORIGIN	AUTO
 VARIABLE_SCOPE	GLOBAL
--- a/mysql-test/suite/sys_vars/r/sysvars_server_notembedded.result
+++ b/mysql-test/suite/sys_vars/r/sysvars_server_notembedded.result
@ -3353,6 +3353,16 @@ NUMERIC_BLOCK_SIZE	NULL
 ENUM_VALUE_LIST	NULL
 READ_ONLY	YES
 COMMAND_LINE_ARGUMENT	REQUIRED
+VARIABLE_NAME	REQUIRE_SECURE_TRANSPORT
+VARIABLE_SCOPE	GLOBAL
+VARIABLE_TYPE	BOOLEAN
+VARIABLE_COMMENT	When this option is enabled, connections attempted using insecure transport will be rejected. Secure transports are SSL/TLS, Unix sockets or named pipes.
+NUMERIC_MIN_VALUE	NULL
+NUMERIC_MAX_VALUE	NULL
+NUMERIC_BLOCK_SIZE	NULL
+ENUM_VALUE_LIST	OFF,ON
+READ_ONLY	NO
+COMMAND_LINE_ARGUMENT	OPTIONAL
 VARIABLE_NAME	ROWID_MERGE_BUFF_SIZE
 VARIABLE_SCOPE	SESSION
 VARIABLE_TYPE	BIGINT UNSIGNED
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
@ -418,6 +418,7 @@ my_bool use_temp_pool, relay_log_purge;
 my_bool relay_log_recovery;
 my_bool opt_sync_frm, opt_allow_suspicious_udfs;
 my_bool opt_secure_auth= 0;
+my_bool opt_require_secure_transport= 0;
 char* opt_secure_file_priv;
 my_bool lower_case_file_system= 0;
 my_bool opt_large_pages= 0;
@ -4548,6 +4549,21 @@ void ssl_acceptor_stats_update(int sslaccept_ret)

 static void init_ssl()
 {
+/*
+  Not need to check require_secure_transport on the Linux,
+  because it always has Unix domain sockets that are secure:
+*/
+#ifdef _WIN32
+  if (opt_require_secure_transport &&
+      !opt_use_ssl &&
+      !opt_enable_named_pipe &&
+      !opt_bootstrap)
+  {
+    sql_print_error("Server is started with --require-secure-transport=ON "
+                    "but no secure transport (SSL or PIPE) are configured.");
+    unireg_abort(1);
+  }
+#endif
 #if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
  if (opt_use_ssl)
  {
--- a/sql/mysqld.h
+++ b/sql/mysqld.h
@ -134,6 +134,7 @@ extern my_bool read_only, opt_readonly;
 extern MYSQL_PLUGIN_IMPORT my_bool lower_case_file_system;
 extern my_bool opt_enable_named_pipe, opt_sync_frm, opt_allow_suspicious_udfs;
 extern my_bool opt_secure_auth;
+extern my_bool opt_require_secure_transport;
 extern const char *current_dbug_option;
 extern char* opt_secure_file_priv;
 extern char* opt_secure_backup_file_priv;
@ -762,6 +763,7 @@ extern mysql_cond_t COND_manager;
 extern mysql_cond_t COND_slave_background;
 extern Atomic_counter<uint32_t> thread_count;

+extern my_bool opt_use_ssl;
 extern char *opt_ssl_ca, *opt_ssl_capath, *opt_ssl_cert, *opt_ssl_cipher,
  *opt_ssl_key, *opt_ssl_crl, *opt_ssl_crlpath;
 extern ulonglong tls_version;
--- a/sql/share/errmsg-utf8.txt
+++ b/sql/share/errmsg-utf8.txt
@ -7947,4 +7947,6 @@ ER_GALERA_REPLICATION_NOT_SUPPORTED
        eng "DDL-statement is forbidden as table storage engine does not support Galera replication"
 ER_LOAD_INFILE_CAPABILITY_DISABLED
        eng "The used command is not allowed because the MariaDB server or client has disabled the local infile capability"
-        rum "Comanda folosită nu este permisă deoarece clientul sau serverul MariaDB a dezactivat această capabilitate"
+        rum "Comanda folosită nu este permisă deoarece clientul sau serverul MariaDB a dezactivat această capabilitate"
+ER_NO_SECURE_TRANSPORTS_CONFIGURED
+        eng "No secure transports are configured, unable to set --require_secure_transport=ON"
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@ -13732,8 +13732,8 @@ static void server_mpvio_info(MYSQL_PLUGIN_VIO *vio,

 static bool acl_check_ssl(THD *thd, const ACL_USER *acl_user)
 {
-#ifdef HAVE_OPENSSL
  Vio *vio= thd->net.vio;
+#ifdef HAVE_OPENSSL
  SSL *ssl= (SSL *) vio->ssl_arg;
  X509 *cert;
 #endif
@ -13747,6 +13747,24 @@ static bool acl_check_ssl(THD *thd, const ACL_USER *acl_user)
  switch (acl_user->ssl_type) {
  case SSL_TYPE_NOT_SPECIFIED:                  // Impossible
  case SSL_TYPE_NONE:                           // SSL is not required
+    if (opt_require_secure_transport)
+    {
+      enum enum_vio_type type= vio_type(vio);
+#ifdef HAVE_OPENSSL
+      return type != VIO_TYPE_SSL &&
+#ifndef _WIN32
+             type != VIO_TYPE_SOCKET;
+#else
+             type != VIO_TYPE_NAMEDPIPE;
+#endif
+#else
+#ifndef _WIN32
+      return type != VIO_TYPE_SOCKET;
+#else
+      return type != VIO_TYPE_NAMEDPIPE;
+#endif
+#endif
+    }
    return 0;
 #ifdef HAVE_OPENSSL
  case SSL_TYPE_ANY:                            // Any kind of SSL is ok
--- a/sql/sys_vars.cc
+++ b/sql/sys_vars.cc
@ -3101,6 +3101,40 @@ static Sys_var_mybool Sys_secure_auth(
       GLOBAL_VAR(opt_secure_auth), CMD_LINE(OPT_ARG),
       DEFAULT(TRUE));

+static bool check_require_secure_transport(sys_var *self, THD *thd, set_var *var)
+{
+#ifndef _WIN32
+  /*
+    Always allow require_secure_transport to be enabled on
+    Linux, because it always has Unix domain sockets that are secure:
+  */
+  return false;
+#else
+  /*
+    Check SSL is enabled before turning require_secure_transport ON,
+    otherwise no connections will be allowed on Windows:
+  */
+  if (!var->save_result.ulonglong_value)
+    return false;
+  if (opt_use_ssl || opt_enable_named_pipe)
+    return false;
+  /* reject if SSL is disabled: */
+  my_error(ER_NO_SECURE_TRANSPORTS_CONFIGURED, MYF(0));
+  return true;
+#endif
+}
+
+static Sys_var_mybool Sys_require_secure_transport(
+  "require_secure_transport",
+  "When this option is enabled, connections attempted using insecure "
+  "transport will be rejected. Secure transports are SSL/TLS, "
+  "Unix sockets or named pipes.",
+  GLOBAL_VAR(opt_require_secure_transport),
+  CMD_LINE(OPT_ARG),
+  DEFAULT(FALSE),
+  NO_MUTEX_GUARD, NOT_IN_BINLOG,
+  ON_CHECK(check_require_secure_transport), ON_UPDATE(0));
+
 static Sys_var_charptr Sys_secure_file_priv(
       "secure_file_priv",
       "Limit LOAD DATA, SELECT ... OUTFILE, and LOAD_FILE() to files "