I have a mysql server running on AWS that requires authentication over SSL (but no user certificates).

What I tried :

SequelPro (GUI) allows you to connect without a certificate:

It also works when using mysqlconnector with empty SSL parameters: ‘ssl_ca’: ‘'. Unfortunately, MySQLdb does not.

I tried (using a connection string).

1.

conn = sqlalchemy.create_engine(
    con_str,
    connect_args={'ssl':{'ca': ''}})
pd.read_sql_query('select id from mytable limit 1', conn)

2.

conn = sqlalchemy.create_engine(
    # the following is used to enforce mysqlconnector usage
    con_str.replace("mysql:", "mysql+mysqlconnector:"),
    connect_args={'ssl_ca':''})
pd.read_sql_query('select id from mytable limit 1', conn)

The second one works fine, the first one doesn’t. Of course, I also tried using the bare connectors (MySQLdb.connect() and mysql.connector.connect()) and got the same behavior and couldn’t put MySQLdb to work.

Question:

Can you give me some tips on how to use SSL in MySQLdb without a certificate (and key)?

More background:

We switched from another provider to AWS, so unfortunately we no longer use ssh as before, now we use SSL. And I don’t manage the database, so I can’t implement it with a user certificate, I’m just forced to use SSL without any certificates.

A colleague explained that from a security point of view, this is okay because the server sends a certificate. We believe that he is the one that belongs to the corresponding URL because we believe in the CA.

It may not work in your case, but I also want to do that in pymysql, which seems to pass a dictionary containing any key works :

connect_args={'ssl': {'key': 'whatever'}}

But then I found out that mysql-connector-python tries SSL even without any parameters. I changed careers for another reason.