On Sat, 2023-07-08 at 12:42 -0700, Antony T Curtis wrote:
> In my opinion, disabled by default would be the correct choice except where using x509 certificate and requires server cert verification where it would be okay to enable redirection because an untrusted server should fail the verification.

Okay. A connection without TLS [1] or with TLS but without server cert verification [2] is already technically easy to MITM or silently downgrade to plaintext [3], but it is true that the risk is magnified by redirection, because a server that's on a trusted/local network may redirect to a server outside this local network, thus magnifying the practical concern.

I will modify the Connector/C PR (https://github.com/mariadb-corporation/mariadb-connector-c/commit/54886ac29d...) such that…

* If, and only if, the `ssl-verify-server-cert` or `ssl-fp-list` options are enabled, then Connector/C will enable `follow-server-redirects` by default.
* Otherwise, `follow-server-redirects` will be disabled by default (but it will still be possible to enable it by explicitly specifying this option).

Thanks,
Daniel Lenski
Amazon RDS MySQL/MariaDB engine team

[1] `--ssl=OFF`
[2] e.g. `--ssl` but not `--ssl-verify-server-cert` for the command-line client
[3] Due to https://jira.mariadb.org/browse/MDEV-28634
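
Added example, not part of the message above and not Connector/C code: a small C model of the proposed default, showing how an explicit `follow-server-redirects` setting interacts with `ssl-verify-server-cert` and `ssl-fp-list`. The struct, the function names and the `key[=value]` option syntax are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the options named in the message; not Connector/C code. */
enum tristate { UNSET = -1, OFF = 0, ON = 1 };

struct client_opts {
    bool tls;                        /* ssl */
    bool verify_server_cert;         /* ssl-verify-server-cert */
    bool have_fp_list;               /* ssl-fp-list=<file> */
    enum tristate follow_redirects;  /* follow-server-redirects; UNSET if absent */
};

static bool key_is(const char *opt, size_t klen, const char *name)
{
    return strlen(name) == klen && strncmp(opt, name, klen) == 0;
}

/* Apply one "key" or "key=value" option (constructed syntax for this example). */
static void apply_opt(struct client_opts *o, const char *opt)
{
    const char *eq = strchr(opt, '=');
    size_t klen = eq ? (size_t)(eq - opt) : strlen(opt);
    /* A bare key is "on"; so is any value other than "0" or "OFF". */
    bool on = !eq || (strcmp(eq + 1, "0") != 0 && strcmp(eq + 1, "OFF") != 0);

    if (key_is(opt, klen, "ssl")) o->tls = on;
    else if (key_is(opt, klen, "ssl-verify-server-cert")) o->verify_server_cert = on;
    else if (key_is(opt, klen, "ssl-fp-list")) o->have_fp_list = eq && eq[1] != '\0';
    else if (key_is(opt, klen, "follow-server-redirects")) o->follow_redirects = on ? ON : OFF;
}

/* Effective setting: an explicit choice wins; otherwise follow redirects only
   when the server's identity is checked (certificate verification or pinning). */
bool follow_redirects_effective(const char *const *opts, size_t n)
{
    struct client_opts o = { false, false, false, UNSET };
    for (size_t i = 0; i < n; i++) apply_opt(&o, opts[i]);
    if (o.follow_redirects != UNSET) return o.follow_redirects == ON;
    return o.verify_server_cert || o.have_fp_list;
}

int main(void)
{
    const char *tls_only[] = { "ssl" };                          /* constructed input */
    const char *verified[] = { "ssl", "ssl-verify-server-cert" };
    printf("tls only: %d\n", follow_redirects_effective(tls_only, 1));
    printf("verified: %d\n", follow_redirects_effective(verified, 2));
    return 0;
}
```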