1. Kayako Download customers: we will continue to develop and support Kayako Download beyond July 2017, alongside the new Kayako for existing customers.

    Find out more.

  2. The forum you are viewing relates to Kayako Classic. If you signed up or upgraded to the new Kayako (after the 4th July 2016), the information in this thread may not apply to you. You can visit the forums for the new Kayako here.

  1. Alex Saavedra

    Alex Saavedra Member

    Hi there,

    I was unable to find settings in config.php for enforcing secure connections between Kayako frontend and MySQL backend. Support team at Kayako then confirmed that MySQL over SSL connections is not currently feasible.

    I think encrypted communications are mandatory nowadays, wherever possible, and would highly recommend having this feature supported in Kayako Download.

    By the way, I wonder whether MySQL is using secured connections in Kayako cloud version.


    Alex Saavedra
  2. bear

    bear Kayako Guru

    That's because mysql is a "back end" communication and does not travel over public web protocols. It's internal to the server, so no data is "in the clear" to be encrypted.
  3. Alex Saavedra

    Alex Saavedra Member

    I am evaluating Kayako Classic in Azure environment, with web server and database sitting in different IaaS environments. Therefore, data potentially travelling in the wild, where traffic should be encrypted. All other platforms we use offer secure data traffic out of the box. I am surprised that Kayako doesn't.
  4. bear

    bear Kayako Guru

  5. Alex Saavedra

    Alex Saavedra Member

  6. sergioag

    sergioag Member

    I have checked the code and it *seems* to be pretty simple to add support for it, albeit in a pretty hacky way.

    Go to __swift/library/Database/class.SWIFT_Database.php, at the line where it creates the PDO class for MySQL using network, not socket (about line 395 for 4.79).

    Add something like this before that line:

    $_pdoExtended[PDO::MYSQL_ATTR_SSL_KEY] = '/path/to/client-key.pem';
    $_pdoExtended[PDO::MYSQL_ATTR_SSL_CERT] = '/path/to/client-cert.pem';
    $_pdoExtended[PDO::MYSQL_ATTR_SSL_CA] = '/path/to/ca-cert.pem';

    That should be enough, though I haven't tested.
  7. Alex Saavedra

    Alex Saavedra Member

    Thanks sergioag. Suggested settings seemed to work, but only if Azure MySQL database is still configured for accepting non-secure connections. I couldn't verify whether existing connection with above settings was using SSL in the end. But I suspect at least initial handshake begins as non-encrypted.

    Existing ADODB files seems to rely on mysqli only, where additional flag MYSQLI_CLIENT_SSL available through real_connect method looks required for preparing the connection beforehand.

    Therefore, it looks like more robust settings are needed for enforcing SSL-only connections.


    Alex S.

Share This Page