I’m reading https://support.singlestore.com/hc/en-us/articles/4402528875284-Troubleshooting-SSL, and I see:
Under SSL in Studio:
Client mode only requires configurations in Studio. The user connects to Studio, and Studio connects to the Cluster as a regular client.
This mode has the advantage of being easy to configure and can work with any SingleStore cluster to which the user has a valid login.
However, this setup will not work for scenarios with Integrated authentication, such as Kerberos, Active Directory, or SAML. Also, the communication between Studio and the Cluster needs to be in cleartext.
So let me get this straight - you’re saying if I create a database user with “REQUIRE SSL,” that user cannot login to singlestore studio? That appears to be what I’m seeing. When I go to singlestore studio and try to connect using a user defined with “REQUIRE SSL,” I get:
An error occurred: Error: UNKNOWN_ERR_CODE: Access denied for user ‘admin’@‘172.19.0.118’ (using password: YES). The user is configured with REQUIRE SSL but the connection is not SSL. See SSL Secure Connections · SingleStore Documentation for information on configuring SSL.
I don’t understand why you would cripple singlestore studio like that. It’s just a client like any other client, so why can’t it negotiate an SSL/TLS connection with the server?