Requiring SSL/TLS for all connections to a MySQL DB instance on Amazon RDS - Amazon Relational Database Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Requiring SSL/TLS for all connections to a MySQL DB instance on Amazon RDS

Use the require_secure_transport parameter to require that all user connections to your MySQL DB instance use SSL/TLS. By default, the require_secure_transport parameter is set to OFF. You can set the require_secure_transport parameter to ON to require SSL/TLS for connections to your DB instance.

You can set the require_secure_transport parameter value by updating the DB parameter group for your DB instance. You don't need to reboot your DB instance for the change to take effect.

When the require_secure_transport parameter is set to ON for a DB instance, a database client can connect to it if it can establish an encrypted connection. Otherwise, an error message similar to the following is returned to the client:

MySQL Error 3159 (HY000): Connections using insecure transport are prohibited while --require_secure_transport=ON.

For information about setting parameters, see Modifying parameters in a DB parameter group in Amazon RDS.

For more information about the require_secure_transport parameter, see the MySQL documentation.