Hi, one quick question. does hydra and kratos both support mutual TLS? and if yes, from which version? thank you

Hi @User Hydra and Kratos only support TLS not mTLS

@User thx for your response. But i can see from this doc that DSN can accept “`sslcert`” and “sslkey” for postgres schema,. If only TLS is supported, what are these options for? (i know they are not mentioned in the mysql schema section, just out of curiosity)

This is for the connection between Kratos/Hydra and your database. Usually when you are using a hosted provider you would want to use

sslmode

in certain circumstances e.g. your database is outside of the VM where Kratos/Hydra is running. It is also good practice to have this enabled in production. https://www.postgresql.org/docs/12/libpq-ssl.html

ah, seems my question is not very clear. What i’m asking is actually below, not for the connection between client and hydra, but between hydra/kratos and database

When defining DSN in kratos and hydra, can they use client side certificate to connect to database?  the database we are using now are enforcing mTLS from their side.  And the schema is <mysql://xxxx>

i see the sslkey and sslcert is only mentioned for postgres, but not mysql

thank you.

yes we support for both. you just need to add it to the connection string

nice, i will give a try. Thank you very much !!

Check out this link https://github.com/go-sql-driver/mysql#tls this is the underlying driver that is processing the request inside gobuffalo/pop

i don’t see it mentioning mTLS related things, interesting, i have to give a shot anyway. thank you for your help.