MySQL TLS-Only on an Anubiz Offshore VPS
MySQL 8 on Ubuntu 24.04 ships with auto-generated TLS certs but accepts plaintext by default. Flipping require_secure_transport=ON takes 30 seconds and shuts the most common eavesdropping path. On an Anubiz VPS this guide configures MySQL 8 for TLS-only, switches the default to caching_sha2_password, sets up role-based grants and enables the audit log plugin.
Step 1: Reuse Auto-Generated Certs
MySQL 8 generates server-cert.pem in /var/lib/mysql on first boot. Production deployments should replace it with a CA-signed certificate.
Step 2: my.cnf
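Set the following in the [mysqld] section of my.cnf: require_secure_transport=ON, default_authentication_plugin=caching_sha2_password, tls_version=TLSv1.2,TLSv1.3. Note that default_authentication_plugin is deprecated as of MySQL 8.0.27 in favor of authentication_policy.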
Step 3: User Migration
Existing users on mysql_native_password need to be migrated: ALTER USER 'app'@'host' IDENTIFIED WITH caching_sha2_password BY 'pw';
Step 4: Role-Based Grants
Create the roles app_read and app_write, then grant them to the application user. Roles are easier to manage than per-user grants.
Step 5: Audit Log
Use the Percona audit log plugin, or the MariaDB audit plugin on MariaDB. The audit log records DDL and grant changes for forensics.
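The statements for Steps 3 and 4, with verification queries, as an added example that is not part of the original guide. The schema name appdb and the privilege split between the two roles are assumptions; 'app'@'host' and 'pw' are the guide's placeholders, and REQUIRE SSL goes beyond the guide's ALTER USER statement.

```sql
-- Added example. appdb is a hypothetical schema; 'app'@'host' and 'pw'
-- are placeholders taken from the guide.

-- Step 3: list accounts still using mysql_native_password.
SELECT user, host, plugin
FROM mysql.user
WHERE plugin = 'mysql_native_password';

-- Migrate one account. REQUIRE SSL (an addition to the guide's statement)
-- enforces encryption per account, independent of the server-wide
-- require_secure_transport setting.
ALTER USER 'app'@'host'
  IDENTIFIED WITH caching_sha2_password BY 'pw'
  REQUIRE SSL;

-- Step 4: attach privileges to roles instead of individual users.
CREATE ROLE IF NOT EXISTS 'app_read', 'app_write';
GRANT SELECT ON appdb.* TO 'app_read';
GRANT INSERT, UPDATE, DELETE ON appdb.* TO 'app_write';

-- Grant the roles to the account. Granted roles are inactive until
-- activated, so make them the defaults applied at login.
GRANT 'app_read', 'app_write' TO 'app'@'host';
SET DEFAULT ROLE ALL TO 'app'@'host';

-- Verify the server settings from Step 2.
SHOW VARIABLES LIKE 'require_secure_transport';
SHOW VARIABLES LIKE 'tls_version';

-- Verify the current session's transport. Ssl_version and Ssl_cipher are
-- empty when the session is not using TLS, which includes local Unix
-- socket connections (those still pass require_secure_transport).
SHOW SESSION STATUS LIKE 'Ssl_version';
SHOW SESSION STATUS LIKE 'Ssl_cipher';

-- Verify the privileges the account gets through its roles.
SHOW GRANTS FOR 'app'@'host' USING 'app_read', 'app_write';

-- Re-run the first query: the migrated account should no longer appear.
SELECT user, host, plugin
FROM mysql.user
WHERE plugin = 'mysql_native_password';
```

Run the verification queries once over the same TCP path the application uses, since a session opened over the local socket will not show a TLS version.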