Implemented Add MySQLi SSL support


MySQLi supports database connections over SSL but XenForo doesn't (from what I can tell). Adding support for this should be simple. Just add a few config.php options then make the necessary changes to \XF\Db\Mysqli\Adapter::makeConnection from what I can gather.

Any reason why this isn't already a feature? I can't setup XenForo to use a managed digitalocean database without the SSL support, and it seems like it would be a good thing for security in general.
Last edited:

Chris D

XenForo developer
Staff member
We have made changes to the next XF release to allow mysqli to be configured with the relevant SSL settings.

The following database config keys are now supported (default values depicted):
$config['db']['ssl']['enabled'] = false; // Enable/disable SSL support 
$config['db']['ssl']['key'] = null; // The path name to the key file.
$config['db']['ssl']['cert'] = null; // The path name to the certificate file.
$config['db']['ssl']['ca'] = null; // The path name to the certificate authority file.
$config['db']['ssl']['capth'] = null; // The pathname to a directory that contains trusted SSL CA certificates in PEM format.
$config['db']['ssl']['cipher'] = null; // A list of allowable ciphers to use for SSL encryption.
Many of these config values aren't required (hence the default value of null). An Azure hosted MySQL database for example just requires:
$config['db']['ssl']['enabled'] = true;
$config['db']['ssl']['ca'] = 'BaltimoreCyberTrustRoot.crt.pem';
The exact configuration required may vary from server to server.