
Why does the connection still show as non-encrypted after using the ssl_set function to set SSL? Possible causes.

M66 2025-06-23

1. Incorrect ssl_set() calling order

The mysqli::ssl_set() function must be called before mysqli::real_connect(), or the settings will not take effect. Incorrect calling order is one of the most common oversights.

Incorrect example:

$conn = new mysqli();
// Wrong order: the connection is already established when ssl_set() runs
$conn->real_connect('db.m66.net', 'user', 'pass', 'database');
$conn->ssl_set('/path/client-key.pem', '/path/client-cert.pem', '/path/ca.pem', NULL, NULL);

Correct example:

$conn = new mysqli();
// SSL parameters are set first, then the connection is opened
$conn->ssl_set('/path/client-key.pem', '/path/client-cert.pem', '/path/ca.pem', NULL, NULL);
$conn->real_connect('db.m66.net', 'user', 'pass', 'database');

2. The MYSQLI_CLIENT_SSL flag is not enabled

When connecting with real_connect(), if the MYSQLI_CLIENT_SSL flag is not passed, SSL may not be enabled for the connection, even if ssl_set() is called.

$conn->real_connect('db.m66.net', 'user', 'pass', 'database', null, null, MYSQLI_CLIENT_SSL);

3. OpenSSL support is not enabled on the client

It is crucial to check whether PHP has the OpenSSL extension enabled. You can confirm this by running phpinfo() or executing php -m | grep openssl in the command line. If it's not enabled, PHP will not be able to establish an SSL encrypted connection.

4. MySQL server has not enabled SSL or is not fully configured

The server side must also enable SSL and provide valid certificates and CA files. You can confirm this with the following SQL query:

SHOW VARIABLES LIKE '%ssl%';

If the result shows have_ssl as DISABLED, SSL will not work regardless of the client's settings.

5. Using libraries or drivers that do not support SSL

Some older versions of PHP or the libmysqlclient library may not support SSL or may require specific compile options. It is recommended to use the mysqlnd driver, as it natively supports SSL and is more modern.

6. Verifying whether the connection has SSL encryption enabled

Even if everything is configured correctly, you should verify if the connection has SSL encryption enabled. You can check the actual encryption status with the following query:

// Ssl_cipher holds the cipher negotiated for the current session
$result = $conn->query("SHOW STATUS LIKE 'Ssl_cipher'");
$row = $result->fetch_assoc();
if (!empty($row['Value'])) {
    echo "SSL is enabled, the encryption algorithm is: " . $row['Value'];
} else {
    echo "SSL is not enabled";
}

If the returned Value is empty, SSL is not actually enabled on this connection.

7. Implicit fallback due to domain name or IP address

In some environments, if localhost is used as the host, the connection may fall back to a Unix socket, bypassing network-layer SSL. It is recommended to explicitly use the hostname or IP address, for example:

$conn->real_connect('db.m66.net', 'user', 'pass', 'database');
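
The checks from sections 1, 2, 3, 6 and 7 combined into one helper that refuses to return an unencrypted connection. This is an added example, not code from the original article: connectEncrypted() is a hypothetical name, and the host, credentials and certificate paths are the article's placeholders.

```php
<?php
// Added example: fail closed when the session is not actually encrypted.
// connectEncrypted() is a hypothetical helper; paths and credentials are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // connection errors become exceptions

function connectEncrypted(string $host, string $user, string $pass, string $db): mysqli
{
    // Section 3: without the OpenSSL extension PHP cannot negotiate SSL.
    if (!extension_loaded('openssl')) {
        throw new RuntimeException('PHP OpenSSL extension is not loaded');
    }
    // Section 7: "localhost" may be routed over a Unix socket, which skips SSL.
    if (strcasecmp($host, 'localhost') === 0) {
        throw new InvalidArgumentException('Use a hostname or IP address, not localhost');
    }

    $conn = mysqli_init();
    if ($conn === false) {
        throw new RuntimeException('mysqli_init() failed');
    }

    // Section 1: ssl_set() has to run before real_connect().
    $conn->ssl_set('/path/client-key.pem', '/path/client-cert.pem', '/path/ca.pem', null, null);
    // Section 2: request SSL explicitly with the MYSQLI_CLIENT_SSL flag.
    $conn->real_connect($host, $user, $pass, $db, null, null, MYSQLI_CLIENT_SSL);

    // Section 6: trust the negotiated state, not the configuration.
    $row = $conn->query("SHOW STATUS LIKE 'Ssl_cipher'")->fetch_assoc();
    if (empty($row['Value'])) {
        $conn->close();
        throw new RuntimeException('Connection is not encrypted; refusing to continue');
    }
    return $conn;
}

try {
    $conn = connectEncrypted('db.m66.net', 'user', 'pass', 'database');
    echo "Encrypted connection established\n";
} catch (Throwable $e) {
    // Log the reason and stop instead of sending queries over plaintext.
    error_log('Database connection rejected: ' . $e->getMessage());
    exit(1);
}
```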