authorJulius Goryavsky <julius.goryavsky@mariadb.com>2020-03-02 23:46:07 +0100
committerJulius Goryavsky <julius.goryavsky@mariadb.com>2020-03-11 11:10:30 +0100
commit3a5545bce607bab2449d3125a437d4519a49864e (patch)
tree8268f31ef1d6223009c31749d1bff13e03d652ab
parentc12609dd9ed65b245cee2e8b379b1e1f15aadf6a (diff)
MDEV-13362: implement --require_secure_transport option10.5-MDEV-13362
Currently, if a user wants to require TLS for every connection made over the network, then every user account on the system needs to be created with "REQUIRE SSL" or one of the other TLS options. Implementing a require_secure_transport system variable (which, in particular, can be set using the --require_secure_transport=ON command line option) in the MariaDB Server would make it a lot easier to require TLS (or other secure transport) system-wide. This patch implements this new system variable, adds the ability to set it with SQL statements, from the command line and from the configuration file, and also contains improvements for mtr that allow the user to establish non-secure TCP/IP connections (for example, to verify the operation of the new option).
-rw-r--r--client/mysqltest.cc60
-rw-r--r--mysql-test/main/mysqld--help.result5
-rw-r--r--mysql-test/main/require_secure_transport-master.opt1
-rw-r--r--mysql-test/main/require_secure_transport.result8
-rw-r--r--mysql-test/main/require_secure_transport.test15
-rw-r--r--mysql-test/suite/sys_vars/r/sysvars_server_embedded,32bit.rdiff32
-rw-r--r--mysql-test/suite/sys_vars/r/sysvars_server_embedded.result10
-rw-r--r--mysql-test/suite/sys_vars/r/sysvars_server_notembedded,32bit.rdiff48
-rw-r--r--mysql-test/suite/sys_vars/r/sysvars_server_notembedded.result10
-rw-r--r--sql/mysqld.cc16
-rw-r--r--sql/mysqld.h1
-rw-r--r--sql/share/errmsg-utf8.txt4
-rw-r--r--sql/sql_acl.cc20
-rw-r--r--sql/sys_vars.cc34
14 files changed, 203 insertions, 61 deletions
diff --git a/client/mysqltest.cc b/client/mysqltest.cc
index 148a492a648..3988fa7475f 100644
--- a/client/mysqltest.cc
+++ b/client/mysqltest.cc
@@ -5892,13 +5892,21 @@ do_handle_error:
*/
+enum use_ssl
+{
+ USE_SSL_FORBIDDEN = -1,
+ USE_SSL_IF_POSSIBLE,
+ USE_SSL_REQUIRED
+};
+
void do_connect(struct st_command *command)
{
+ uint protocol= opt_protocol;
int con_port= opt_port;
char *con_options;
char *ssl_cipher __attribute__((unused))= 0;
- my_bool con_ssl= 0, con_compress= 0;
- my_bool con_pipe= 0;
+ enum use_ssl con_ssl= USE_SSL_IF_POSSIBLE;
+ my_bool con_compress= 0;
int read_timeout= 0;
int write_timeout= 0;
int connect_timeout= 0;
@@ -5980,16 +5988,38 @@ void do_connect(struct st_command *command)
end++;
length= (size_t) (end - con_options);
if (length == 3 && !strncmp(con_options, "SSL", 3))
- con_ssl= 1;
+ con_ssl= USE_SSL_REQUIRED;
+ else if (length == 5 && !strncmp(con_options, "NOSSL", 5))
+ con_ssl= USE_SSL_FORBIDDEN;
else if (!strncmp(con_options, "SSL-CIPHER=", 11))
{
- con_ssl= 1;
+ con_ssl= USE_SSL_REQUIRED;
ssl_cipher=con_options + 11;
}
else if (length == 8 && !strncmp(con_options, "COMPRESS", 8))
con_compress= 1;
+ else if (length == 3 && !strncmp(con_options, "TCP", 3))
+ protocol= MYSQL_PROTOCOL_TCP;
+ else if (length == 7 && !strncmp(con_options, "DEFAULT", 7))
+ protocol= MYSQL_PROTOCOL_DEFAULT;
else if (length == 4 && !strncmp(con_options, "PIPE", 4))
- con_pipe= 1;
+ {
+#ifdef _WIN32
+ protocol= MYSQL_PROTOCOL_PIPE;
+#endif
+ }
+ else if (length == 6 && !strncmp(con_options, "SOCKET", 6))
+ {
+#ifndef _WIN32
+ protocol= MYSQL_PROTOCOL_SOCKET;
+#endif
+ }
+ else if (length == 6 && !strncmp(con_options, "MEMORY", 6))
+ {
+#ifdef _WIN32
+ protocol= MYSQL_PROTOCOL_MEMORY;
+#endif
+ }
else if (strncasecmp(con_options, "read_timeout=",
sizeof("read_timeout=")-1) == 0)
{
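Review bot: The `PIPE`, `SOCKET` and `MEMORY` branches accept the keyword on every platform but assign `protocol` only on the matching one, so elsewhere the option is silently dropped and the connection uses whatever `opt_protocol` held. A test that depends on the transport, as the new require_secure_transport test does with `TCP`, could then pass or fail for the wrong reason. The old `PIPE` handling behaved the same way, so this may be intentional; if so, say it in a comment above the `PIPE` branch, e.g. `/* Transport keywords that do not exist on this platform are accepted and ignored, so the default protocol stays in effect. */`. do_connect's body starts and ends outside this hunk.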
@@ -6050,14 +6080,13 @@ void do_connect(struct st_command *command)
if (opt_charsets_dir)
mysql_options(con_slot->mysql, MYSQL_SET_CHARSET_DIR,
opt_charsets_dir);
+
#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
- if (opt_use_ssl)
- con_ssl= 1;
-#endif
+ if (con_ssl == USE_SSL_IF_POSSIBLE && opt_use_ssl)
+ con_ssl= USE_SSL_REQUIRED;
- if (con_ssl)
+ if (con_ssl == USE_SSL_REQUIRED)
{
-#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
mysql_ssl_set(con_slot->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
opt_ssl_capath, ssl_cipher ? ssl_cipher : opt_ssl_cipher);
mysql_options(con_slot->mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl);
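Review bot: `USE_SSL_FORBIDDEN` only stops the `opt_use_ssl` promotion and the `mysql_ssl_set()` call; nothing in this hunk tells the client library to refuse TLS. `NOSSL` therefore means "leave TLS unconfigured", which gives a plaintext connection only while the library does not negotiate TLS by default (not visible from here). Since the new test depends on `NOSSL` producing an insecure connection, record that assumption next to the `if (con_ssl == USE_SSL_IF_POSSIBLE && opt_use_ssl)` line, e.g. `/* NOSSL: TLS is left unconfigured; this relies on the client library not enabling it on its own */`. The enclosing `#if` now extends into the next hunk.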
@@ -6069,18 +6098,11 @@ void do_connect(struct st_command *command)
mysql_options(con_slot->mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
&opt_ssl_verify_server_cert);
#endif
-#endif
}
-
- if (con_pipe)
- {
-#ifdef _WIN32
- opt_protocol= MYSQL_PROTOCOL_PIPE;
#endif
- }
- if (opt_protocol)
- mysql_options(con_slot->mysql, MYSQL_OPT_PROTOCOL, (char*) &opt_protocol);
+ if (protocol)
+ mysql_options(con_slot->mysql, MYSQL_OPT_PROTOCOL, (char*) &protocol);
if (read_timeout)
{
diff --git a/mysql-test/main/mysqld--help.result b/mysql-test/main/mysqld--help.result
index 8013b6075d0..912bcb2d514 100644
--- a/mysql-test/main/mysqld--help.result
+++ b/mysql-test/main/mysqld--help.result
@@ -1047,6 +1047,10 @@ The following specify which files/extra groups are read (specified before remain
not sure, leave this option unset
--report-user=name The account user name of the slave to be reported to the
master during slave registration
+ --require-secure-transport
+ When this option is enabled, connections attempted using
+ insecure transport will be rejected. Secure transports
+ are SSL/TLS, Unix sockets or named pipes.
--rowid-merge-buff-size=#
The size of the buffers used [NOT] IN evaluation via
partial matching
@@ -1684,6 +1688,7 @@ report-host (No default value)
report-password (No default value)
report-port 0
report-user (No default value)
+require-secure-transport FALSE
rowid-merge-buff-size 8388608
rpl-semi-sync-master-enabled FALSE
rpl-semi-sync-master-timeout 10000
diff --git a/mysql-test/main/require_secure_transport-master.opt b/mysql-test/main/require_secure_transport-master.opt
new file mode 100644
index 00000000000..0a25b054d71
--- /dev/null
+++ b/mysql-test/main/require_secure_transport-master.opt
@@ -0,0 +1 @@
+--require-secure-transport=0
diff --git a/mysql-test/main/require_secure_transport.result b/mysql-test/main/require_secure_transport.result
new file mode 100644
index 00000000000..c9df2f90b45
--- /dev/null
+++ b/mysql-test/main/require_secure_transport.result
@@ -0,0 +1,8 @@
+CREATE TABLE t1 (t int(1));
+SET GLOBAL require_secure_transport=ON;
+ERROR 28000: Access denied for user 'root'@'localhost' (using password: NO)
+connection default;
+SET GLOBAL require_secure_transport=OFF;
+disconnect without_ssl;
+connection default;
+DROP TABLE t1;
diff --git a/mysql-test/main/require_secure_transport.test b/mysql-test/main/require_secure_transport.test
new file mode 100644
index 00000000000..ce62e7d5492
--- /dev/null
+++ b/mysql-test/main/require_secure_transport.test
@@ -0,0 +1,15 @@
+-- source include/have_ssl_communication.inc
+CREATE TABLE t1 (t int(1));
+SET GLOBAL require_secure_transport=ON;
+--disable_query_log
+--error ER_ACCESS_DENIED_ERROR
+connect without_ssl,localhost,root,,,,,TCP NOSSL;
+--enable_query_log
+connection default;
+SET GLOBAL require_secure_transport=OFF;
+--disable_query_log
+connect without_ssl,localhost,root,,,,,TCP NOSSL;
+--enable_query_log
+disconnect without_ssl;
+connection default;
+DROP TABLE t1;
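Review bot: The test covers only the negative case: with `require_secure_transport=ON` it checks that `TCP NOSSL` is refused, but never that a secure connection is still accepted. A server change that rejected every new connection while the variable is ON would still pass. Adding `connect with_ssl,localhost,root,,,,,TCP SSL;` and `disconnect with_ssl;` before switching the variable back OFF would pin the positive case as well. Table `t1` is created and dropped without being used and could be removed.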
diff --git a/mysql-test/suite/sys_vars/r/sysvars_server_embedded,32bit.rdiff b/mysql-test/suite/sys_vars/r/sysvars_server_embedded,32bit.rdiff
index c31476ed605..6d9466e0602 100644
--- a/mysql-test/suite/sys_vars/r/sysvars_server_embedded,32bit.rdiff
+++ b/mysql-test/suite/sys_vars/r/sysvars_server_embedded,32bit.rdiff
@@ -1156,8 +1156,8 @@
VARIABLE_COMMENT When reading rows in sorted order after a sort, the rows are read through this buffer to avoid a disk seeks
NUMERIC_MIN_VALUE 1
NUMERIC_MAX_VALUE 2147483647
-@@ -2895,10 +2895,10 @@
- COMMAND_LINE_ARGUMENT REQUIRED
+@@ -2905,10 +2905,10 @@
+ COMMAND_LINE_ARGUMENT OPTIONAL
VARIABLE_NAME ROWID_MERGE_BUFF_SIZE
VARIABLE_SCOPE SESSION
-VARIABLE_TYPE BIGINT UNSIGNED
@@ -1169,7 +1169,7 @@
NUMERIC_BLOCK_SIZE 1
ENUM_VALUE_LIST NULL
READ_ONLY NO
-@@ -2935,7 +2935,7 @@
+@@ -2945,7 +2945,7 @@
COMMAND_LINE_ARGUMENT REQUIRED
VARIABLE_NAME SERVER_ID
VARIABLE_SCOPE SESSION
@@ -1178,7 +1178,7 @@
VARIABLE_COMMENT Uniquely identifies the server instance in the community of replication partners
NUMERIC_MIN_VALUE 1
NUMERIC_MAX_VALUE 4294967295
-@@ -3005,7 +3005,7 @@
+@@ -3015,7 +3015,7 @@
COMMAND_LINE_ARGUMENT OPTIONAL
VARIABLE_NAME SLAVE_MAX_ALLOWED_PACKET
VARIABLE_SCOPE GLOBAL
@@ -1187,7 +1187,7 @@
VARIABLE_COMMENT The maximum packet length to sent successfully from the master to slave.
NUMERIC_MIN_VALUE 1024
NUMERIC_MAX_VALUE 1073741824
-@@ -3015,7 +3015,7 @@
+@@ -3025,7 +3025,7 @@
COMMAND_LINE_ARGUMENT REQUIRED
VARIABLE_NAME SLOW_LAUNCH_TIME
VARIABLE_SCOPE GLOBAL
@@ -1196,7 +1196,7 @@
VARIABLE_COMMENT If creating the thread takes longer than this value (in seconds), the Slow_launch_threads counter will be incremented
NUMERIC_MIN_VALUE 0
NUMERIC_MAX_VALUE 31536000
-@@ -3058,7 +3058,7 @@
+@@ -3068,7 +3068,7 @@
VARIABLE_TYPE BIGINT UNSIGNED
VARIABLE_COMMENT Each thread that needs to do a sort allocates a buffer of this size
NUMERIC_MIN_VALUE 1024
@@ -1205,7 +1205,7 @@
NUMERIC_BLOCK_SIZE 1
ENUM_VALUE_LIST NULL
READ_ONLY NO
-@@ -3265,7 +3265,7 @@
+@@ -3275,7 +3275,7 @@
COMMAND_LINE_ARGUMENT NULL
VARIABLE_NAME STORED_PROGRAM_CACHE
VARIABLE_SCOPE GLOBAL
@@ -1214,7 +1214,7 @@
VARIABLE_COMMENT The soft upper limit for number of cached stored routines for one connection.
NUMERIC_MIN_VALUE 0
NUMERIC_MAX_VALUE 524288
-@@ -3345,7 +3345,7 @@
+@@ -3355,7 +3355,7 @@
COMMAND_LINE_ARGUMENT NULL
VARIABLE_NAME TABLE_DEFINITION_CACHE
VARIABLE_SCOPE GLOBAL
@@ -1223,7 +1223,7 @@
VARIABLE_COMMENT The number of cached table definitions
NUMERIC_MIN_VALUE 400
NUMERIC_MAX_VALUE 2097152
-@@ -3355,7 +3355,7 @@
+@@ -3365,7 +3365,7 @@
COMMAND_LINE_ARGUMENT REQUIRED
VARIABLE_NAME TABLE_OPEN_CACHE
VARIABLE_SCOPE GLOBAL
@@ -1232,7 +1232,7 @@
VARIABLE_COMMENT The number of cached open tables
NUMERIC_MIN_VALUE 10
NUMERIC_MAX_VALUE 1048576
-@@ -3415,7 +3415,7 @@
+@@ -3425,7 +3425,7 @@
COMMAND_LINE_ARGUMENT OPTIONAL
VARIABLE_NAME THREAD_CACHE_SIZE
VARIABLE_SCOPE GLOBAL
@@ -1241,7 +1241,7 @@
VARIABLE_COMMENT How many threads we should keep in a cache for reuse. These are freed after 5 minutes of idle time
NUMERIC_MIN_VALUE 0
NUMERIC_MAX_VALUE 16384
-@@ -3498,7 +3498,7 @@
+@@ -3508,7 +3508,7 @@
VARIABLE_TYPE BIGINT UNSIGNED
VARIABLE_COMMENT Max size for data for an internal temporary on-disk MyISAM or Aria table.
NUMERIC_MIN_VALUE 1024
@@ -1250,7 +1250,7 @@
NUMERIC_BLOCK_SIZE 1
ENUM_VALUE_LIST NULL
READ_ONLY NO
-@@ -3508,7 +3508,7 @@
+@@ -3518,7 +3518,7 @@
VARIABLE_TYPE BIGINT UNSIGNED
VARIABLE_COMMENT If an internal in-memory temporary table exceeds this size, MariaDB will automatically convert it to an on-disk MyISAM or Aria table. Same as tmp_table_size.
NUMERIC_MIN_VALUE 0
@@ -1259,7 +1259,7 @@
NUMERIC_BLOCK_SIZE 1
ENUM_VALUE_LIST NULL
READ_ONLY NO
-@@ -3518,14 +3518,14 @@
+@@ -3528,14 +3528,14 @@
VARIABLE_TYPE BIGINT UNSIGNED
VARIABLE_COMMENT Alias for tmp_memory_table_size. If an internal in-memory temporary table exceeds this size, MariaDB will automatically convert it to an on-disk MyISAM or Aria table.
NUMERIC_MIN_VALUE 0
@@ -1276,7 +1276,7 @@
VARIABLE_COMMENT Allocation block size for transactions to be stored in binary log
NUMERIC_MIN_VALUE 1024
NUMERIC_MAX_VALUE 134217728
-@@ -3535,7 +3535,7 @@
+@@ -3545,7 +3545,7 @@
COMMAND_LINE_ARGUMENT REQUIRED
VARIABLE_NAME TRANSACTION_PREALLOC_SIZE
VARIABLE_SCOPE SESSION
@@ -1285,7 +1285,7 @@
VARIABLE_COMMENT Persistent buffer for transactions to be stored in binary log
NUMERIC_MIN_VALUE 1024
NUMERIC_MAX_VALUE 134217728
-@@ -3675,7 +3675,7 @@
+@@ -3685,7 +3685,7 @@
COMMAND_LINE_ARGUMENT NULL
VARIABLE_NAME WAIT_TIMEOUT
VARIABLE_SCOPE SESSION
@@ -1294,7 +1294,7 @@
VARIABLE_COMMENT The number of seconds the server waits for activity on a connection before closing it
NUMERIC_MIN_VALUE 1
NUMERIC_MAX_VALUE 31536000
-@@ -3702,7 +3702,7 @@
+@@ -3712,7 +3712,7 @@
VARIABLE_NAME LOG_TC_SIZE
GLOBAL_VALUE_ORIGIN AUTO
VARIABLE_SCOPE GLOBAL
diff --git a/mysql-test/suite/sys_vars/r/sysvars_server_embedded.result b/mysql-test/suite/sys_vars/r/sysvars_server_embedded.result
index bacdc115ca3..d65fd3a1ebe 100644
--- a/mysql-test/suite/sys_vars/r/sysvars_server_embedded.result
+++ b/mysql-test/suite/sys_vars/r/sysvars_server_embedded.result
@@ -2893,6 +2893,16 @@ NUMERIC_BLOCK_SIZE 1
ENUM_VALUE_LIST NULL
READ_ONLY NO
COMMAND_LINE_ARGUMENT REQUIRED
+VARIABLE_NAME REQUIRE_SECURE_TRANSPORT
+VARIABLE_SCOPE GLOBAL
+VARIABLE_TYPE BOOLEAN
+VARIABLE_COMMENT When this option is enabled, connections attempted using insecure transport will be rejected. Secure transports are SSL/TLS or Unix sockets.
+NUMERIC_MIN_VALUE NULL
+NUMERIC_MAX_VALUE NULL
+NUMERIC_BLOCK_SIZE NULL
+ENUM_VALUE_LIST OFF,ON
+READ_ONLY NO
+COMMAND_LINE_ARGUMENT OPTIONAL
VARIABLE_NAME ROWID_MERGE_BUFF_SIZE
VARIABLE_SCOPE SESSION
VARIABLE_TYPE BIGINT UNSIGNED
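Review bot: The recorded VARIABLE_COMMENT ends with `Secure transports are SSL/TLS or Unix sockets.`, but the description added in sql/sys_vars.cc and the text recorded in mysqld--help.result end with `SSL/TLS, Unix sockets or named pipes.` The same shorter text is recorded in sysvars_server_notembedded.result. Unless the description differs by build in a way this patch does not show, these expectations would not match the server output and need to be re-recorded.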
diff --git a/mysql-test/suite/sys_vars/r/sysvars_server_notembedded,32bit.rdiff b/mysql-test/suite/sys_vars/r/sysvars_server_notembedded,32bit.rdiff
index 1c1af98f068..daf5a5a1bad 100644
--- a/mysql-test/suite/sys_vars/r/sysvars_server_notembedded,32bit.rdiff
+++ b/mysql-test/suite/sys_vars/r/sysvars_server_notembedded,32bit.rdiff
@@ -1164,8 +1164,8 @@
VARIABLE_COMMENT When reading rows in sorted order after a sort, the rows are read through this buffer to avoid a disk seeks
NUMERIC_MIN_VALUE 1
NUMERIC_MAX_VALUE 2147483647
-@@ -3255,10 +3255,10 @@
- COMMAND_LINE_ARGUMENT REQUIRED
+@@ -3265,10 +3265,10 @@
+ COMMAND_LINE_ARGUMENT OPTIONAL
VARIABLE_NAME ROWID_MERGE_BUFF_SIZE
VARIABLE_SCOPE SESSION
-VARIABLE_TYPE BIGINT UNSIGNED
@@ -1177,7 +1177,7 @@
NUMERIC_BLOCK_SIZE 1
ENUM_VALUE_LIST NULL
READ_ONLY NO
-@@ -3275,20 +3275,20 @@
+@@ -3285,20 +3285,20 @@
COMMAND_LINE_ARGUMENT OPTIONAL
VARIABLE_NAME RPL_SEMI_SYNC_MASTER_TIMEOUT
VARIABLE_SCOPE GLOBAL
@@ -1202,7 +1202,7 @@
NUMERIC_BLOCK_SIZE 1
ENUM_VALUE_LIST NULL
READ_ONLY NO
-@@ -3345,10 +3345,10 @@
+@@ -3355,10 +3355,10 @@
COMMAND_LINE_ARGUMENT OPTIONAL
VARIABLE_NAME RPL_SEMI_SYNC_SLAVE_TRACE_LEVEL
VARIABLE_SCOPE GLOBAL
@@ -1215,7 +1215,7 @@
NUMERIC_BLOCK_SIZE 1
ENUM_VALUE_LIST NULL
READ_ONLY NO
-@@ -3385,7 +3385,7 @@
+@@ -3395,7 +3395,7 @@
COMMAND_LINE_ARGUMENT REQUIRED
VARIABLE_NAME SERVER_ID
VARIABLE_SCOPE SESSION
@@ -1224,7 +1224,7 @@
VARIABLE_COMMENT Uniquely identifies the server instance in the community of replication partners
NUMERIC_MIN_VALUE 1
NUMERIC_MAX_VALUE 4294967295
-@@ -3525,7 +3525,7 @@
+@@ -3535,7 +3535,7 @@
COMMAND_LINE_ARGUMENT REQUIRED
VARIABLE_NAME SLAVE_DOMAIN_PARALLEL_THREADS
VARIABLE_SCOPE GLOBAL
@@ -1233,7 +1233,7 @@
VARIABLE_COMMENT Maximum number of parallel threads to use on slave for events in a single replication domain. When using multiple domains, this can be used to limit a single domain from grabbing all threads and thus stalling other domains. The default of 0 means to allow a domain to grab as many threads as it wants, up to the value of slave_parallel_threads.
NUMERIC_MIN_VALUE 0
NUMERIC_MAX_VALUE 16383
-@@ -3555,7 +3555,7 @@
+@@ -3565,7 +3565,7 @@
COMMAND_LINE_ARGUMENT REQUIRED
VARIABLE_NAME SLAVE_MAX_ALLOWED_PACKET
VARIABLE_SCOPE GLOBAL
@@ -1242,7 +1242,7 @@
VARIABLE_COMMENT The maximum packet length to sent successfully from the master to slave.
NUMERIC_MIN_VALUE 1024
NUMERIC_MAX_VALUE 1073741824
-@@ -3575,7 +3575,7 @@
+@@ -3585,7 +3585,7 @@
COMMAND_LINE_ARGUMENT REQUIRED
VARIABLE_NAME SLAVE_PARALLEL_MAX_QUEUED
VARIABLE_SCOPE GLOBAL
@@ -1251,7 +1251,7 @@
VARIABLE_COMMENT Limit on how much memory SQL threads should use per parallel replication thread when reading ahead in the relay log looking for opportunities for parallel replication. Only used when --slave-parallel-threads > 0.
NUMERIC_MIN_VALUE 0
NUMERIC_MAX_VALUE 2147483647
-@@ -3595,7 +3595,7 @@
+@@ -3605,7 +3605,7 @@
COMMAND_LINE_ARGUMENT NULL
VARIABLE_NAME SLAVE_PARALLEL_THREADS
VARIABLE_SCOPE GLOBAL
@@ -1260,7 +1260,7 @@
VARIABLE_COMMENT If non-zero, number of threads to spawn to apply in parallel events on the slave that were group-committed on the master or were logged with GTID in different replication domains. Note that these threads are in addition to the IO and SQL threads, which are always created by a replication slave
NUMERIC_MIN_VALUE 0
NUMERIC_MAX_VALUE 16383
-@@ -3605,7 +3605,7 @@
+@@ -3615,7 +3615,7 @@
COMMAND_LINE_ARGUMENT REQUIRED
VARIABLE_NAME SLAVE_PARALLEL_WORKERS
VARIABLE_SCOPE GLOBAL
@@ -1269,7 +1269,7 @@
VARIABLE_COMMENT Alias for slave_parallel_threads
NUMERIC_MIN_VALUE 0
NUMERIC_MAX_VALUE 16383
-@@ -3645,7 +3645,7 @@
+@@ -3655,7 +3655,7 @@
COMMAND_LINE_ARGUMENT OPTIONAL
VARIABLE_NAME SLAVE_TRANSACTION_RETRIES
VARIABLE_SCOPE GLOBAL
@@ -1278,7 +1278,7 @@
VARIABLE_COMMENT Number of times the slave SQL thread will retry a transaction in case it failed with a deadlock, elapsed lock wait timeout or listed in slave_transaction_retry_errors, before giving up and stopping
NUMERIC_MIN_VALUE 0
NUMERIC_MAX_VALUE 4294967295
-@@ -3665,7 +3665,7 @@
+@@ -3675,7 +3675,7 @@
COMMAND_LINE_ARGUMENT REQUIRED
VARIABLE_NAME SLAVE_TRANSACTION_RETRY_INTERVAL
VARIABLE_SCOPE GLOBAL
@@ -1287,7 +1287,7 @@
VARIABLE_COMMENT Interval of the slave SQL thread will retry a transaction in case it failed with a deadlock or elapsed lock wait timeout or listed in slave_transaction_retry_errors
NUMERIC_MIN_VALUE 0
NUMERIC_MAX_VALUE 3600
-@@ -3685,7 +3685,7 @@
+@@ -3695,7 +3695,7 @@
COMMAND_LINE_ARGUMENT REQUIRED
VARIABLE_NAME SLOW_LAUNCH_TIME
VARIABLE_SCOPE GLOBAL
@@ -1296,7 +1296,7 @@
VARIABLE_COMMENT If creating the thread takes longer than this value (in seconds), the Slow_launch_threads counter will be incremented
NUMERIC_MIN_VALUE 0
NUMERIC_MAX_VALUE 31536000
-@@ -3728,7 +3728,7 @@
+@@ -3738,7 +3738,7 @@
VARIABLE_TYPE BIGINT UNSIGNED
VARIABLE_COMMENT Each thread that needs to do a sort allocates a buffer of this size
NUMERIC_MIN_VALUE 1024
@@ -1305,7 +1305,7 @@
NUMERIC_BLOCK_SIZE 1
ENUM_VALUE_LIST NULL
READ_ONLY NO
-@@ -3945,7 +3945,7 @@
+@@ -3955,7 +3955,7 @@
COMMAND_LINE_ARGUMENT NULL
VARIABLE_NAME STORED_PROGRAM_CACHE
VARIABLE_SCOPE GLOBAL
@@ -1314,7 +1314,7 @@
VARIABLE_COMMENT The soft upper limit for number of cached stored routines for one connection.
NUMERIC_MIN_VALUE 0
NUMERIC_MAX_VALUE 524288
-@@ -4045,7 +4045,7 @@
+@@ -4055,7 +4055,7 @@
COMMAND_LINE_ARGUMENT NULL
VARIABLE_NAME TABLE_DEFINITION_CACHE
VARIABLE_SCOPE GLOBAL
@@ -1323,7 +1323,7 @@
VARIABLE_COMMENT The number of cached table definitions
NUMERIC_MIN_VALUE 400
NUMERIC_MAX_VALUE 2097152
-@@ -4055,7 +4055,7 @@
+@@ -4065,7 +4065,7 @@
COMMAND_LINE_ARGUMENT REQUIRED
VARIABLE_NAME TABLE_OPEN_CACHE
VARIABLE_SCOPE GLOBAL
@@ -1332,7 +1332,7 @@
VARIABLE_COMMENT The number of cached open tables
NUMERIC_MIN_VALUE 10
NUMERIC_MAX_VALUE 1048576
-@@ -4115,7 +4115,7 @@
+@@ -4125,7 +4125,7 @@
COMMAND_LINE_ARGUMENT OPTIONAL
VARIABLE_NAME THREAD_CACHE_SIZE
VARIABLE_SCOPE GLOBAL
@@ -1341,7 +1341,7 @@
VARIABLE_COMMENT How many threads we should keep in a cache for reuse. These are freed after 5 minutes of idle time
NUMERIC_MIN_VALUE 0
NUMERIC_MAX_VALUE 16384
-@@ -4288,7 +4288,7 @@
+@@ -4298,7 +4298,7 @@
VARIABLE_TYPE BIGINT UNSIGNED
VARIABLE_COMMENT Max size for data for an internal temporary on-disk MyISAM or Aria table.
NUMERIC_MIN_VALUE 1024
@@ -1350,7 +1350,7 @@
NUMERIC_BLOCK_SIZE 1
ENUM_VALUE_LIST NULL
READ_ONLY NO
-@@ -4298,7 +4298,7 @@
+@@ -4308,7 +4308,7 @@
VARIABLE_TYPE BIGINT UNSIGNED
VARIABLE_COMMENT If an internal in-memory temporary table exceeds this size, MariaDB will automatically convert it to an on-disk MyISAM or Aria table. Same as tmp_table_size.
NUMERIC_MIN_VALUE 0
@@ -1359,7 +1359,7 @@
NUMERIC_BLOCK_SIZE 1
ENUM_VALUE_LIST NULL
READ_ONLY NO
-@@ -4308,14 +4308,14 @@
+@@ -4318,14 +4318,14 @@
VARIABLE_TYPE BIGINT UNSIGNED
VARIABLE_COMMENT Alias for tmp_memory_table_size. If an internal in-memory temporary table exceeds this size, MariaDB will automatically convert it to an on-disk MyISAM or Aria table.
NUMERIC_MIN_VALUE 0
@@ -1376,7 +1376,7 @@
VARIABLE_COMMENT Allocation block size for transactions to be stored in binary log
NUMERIC_MIN_VALUE 1024
NUMERIC_MAX_VALUE 134217728
-@@ -4325,7 +4325,7 @@
+@@ -4335,7 +4335,7 @@
COMMAND_LINE_ARGUMENT REQUIRED
VARIABLE_NAME TRANSACTION_PREALLOC_SIZE
VARIABLE_SCOPE SESSION
@@ -1385,7 +1385,7 @@
VARIABLE_COMMENT Persistent buffer for transactions to be stored in binary log
NUMERIC_MIN_VALUE 1024
NUMERIC_MAX_VALUE 134217728
-@@ -4465,7 +4465,7 @@
+@@ -4475,7 +4475,7 @@
COMMAND_LINE_ARGUMENT NULL
VARIABLE_NAME WAIT_TIMEOUT
VARIABLE_SCOPE SESSION
@@ -1394,7 +1394,7 @@
VARIABLE_COMMENT The number of seconds the server waits for activity on a connection before closing it
NUMERIC_MIN_VALUE 1
NUMERIC_MAX_VALUE 31536000
-@@ -4492,7 +4492,7 @@
+@@ -4502,7 +4502,7 @@
VARIABLE_NAME LOG_TC_SIZE
GLOBAL_VALUE_ORIGIN AUTO
VARIABLE_SCOPE GLOBAL
diff --git a/mysql-test/suite/sys_vars/r/sysvars_server_notembedded.result b/mysql-test/suite/sys_vars/r/sysvars_server_notembedded.result
index 1d28a9853e4..89575ec7b40 100644
--- a/mysql-test/suite/sys_vars/r/sysvars_server_notembedded.result
+++ b/mysql-test/suite/sys_vars/r/sysvars_server_notembedded.result
@@ -3253,6 +3253,16 @@ NUMERIC_BLOCK_SIZE NULL
ENUM_VALUE_LIST NULL
READ_ONLY YES
COMMAND_LINE_ARGUMENT REQUIRED
+VARIABLE_NAME REQUIRE_SECURE_TRANSPORT
+VARIABLE_SCOPE GLOBAL
+VARIABLE_TYPE BOOLEAN
+VARIABLE_COMMENT When this option is enabled, connections attempted using insecure transport will be rejected. Secure transports are SSL/TLS or Unix sockets.
+NUMERIC_MIN_VALUE NULL
+NUMERIC_MAX_VALUE NULL
+NUMERIC_BLOCK_SIZE NULL
+ENUM_VALUE_LIST OFF,ON
+READ_ONLY NO
+COMMAND_LINE_ARGUMENT OPTIONAL
VARIABLE_NAME ROWID_MERGE_BUFF_SIZE
VARIABLE_SCOPE SESSION
VARIABLE_TYPE BIGINT UNSIGNED
diff --git a/sql/mysqld.cc b/sql/mysqld.cc
index b2f8afca7a6..7aa6d9bfb38 100644
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
@@ -421,6 +421,7 @@ my_bool use_temp_pool, relay_log_purge;
my_bool relay_log_recovery;
my_bool opt_sync_frm, opt_allow_suspicious_udfs;
my_bool opt_secure_auth= 0;
+my_bool opt_require_secure_transport= 0;
char* opt_secure_file_priv;
my_bool lower_case_file_system= 0;
my_bool opt_large_pages= 0;
@@ -4527,6 +4528,21 @@ void ssl_acceptor_stats_update(int sslaccept_ret)
static void init_ssl()
{
+/*
+ Not need to check require_secure_transport on the Linux,
+ because it always has Unix domain sockets that are secure:
+*/
+#ifdef _WIN32
+ if (opt_require_secure_transport &&
+ !opt_use_ssl &&
+ !opt_enable_named_pipe &&
+ !opt_bootstrap)
+ {
+ sql_print_error("Server is started with --require-secure-transport=ON "
+ "but no secure transport (SSL or PIPE) are configured.");
+ unireg_abort(1);
+ }
+#endif
#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
if (opt_use_ssl)
{
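Review bot: The new startup check sits at the top of init_ssl() and tests `opt_use_ssl`, the requested setting, before the TLS setup further down has run. If that setup can fail and clear the flag (the rest of init_ssl() is outside this hunk, so this needs confirming), a Windows server without named pipes would start with require_secure_transport=ON and no usable secure transport, refusing every connection. Running the check after the setup, or testing its outcome, would close that gap. The comment should also say "non-Windows platforms" rather than "Linux", since the guard is `#ifdef _WIN32`, e.g. `/* Only Windows needs this check: elsewhere a Unix domain socket counts as a secure transport. */`.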
diff --git a/sql/mysqld.h b/sql/mysqld.h
index 4f4e608e811..0e5ee8c856f 100644
--- a/sql/mysqld.h
+++ b/sql/mysqld.h
@@ -134,6 +134,7 @@ extern my_bool read_only, opt_readonly;
extern MYSQL_PLUGIN_IMPORT my_bool lower_case_file_system;
extern my_bool opt_enable_named_pipe, opt_sync_frm, opt_allow_suspicious_udfs;
extern my_bool opt_secure_auth;
+extern my_bool opt_require_secure_transport;
extern const char *current_dbug_option;
extern char* opt_secure_file_priv;
extern char* opt_secure_backup_file_priv;
diff --git a/sql/share/errmsg-utf8.txt b/sql/share/errmsg-utf8.txt
index 78b6cfa63c8..aa740ba5248 100644
--- a/sql/share/errmsg-utf8.txt
+++ b/sql/share/errmsg-utf8.txt
@@ -7944,4 +7944,6 @@ ER_WARN_HISTORY_ROW_START_TIME
ER_PART_STARTS_BEYOND_INTERVAL
eng "%`s: STARTS is later than query time, first history partition may exceed INTERVAL value"
ER_GALERA_REPLICATION_NOT_SUPPORTED
- eng "DDL-statement is forbidden as table storage engine does not support Galera replication"
\ No newline at end of file
+ eng "DDL-statement is forbidden as table storage engine does not support Galera replication"
+ER_NO_SECURE_TRANSPORTS_CONFIGURED
+ eng "No secure transports are configured, unable to set --require_secure_transport=ON"
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 1af5d531cea..45bb6ae89ad 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -13642,8 +13642,8 @@ static void server_mpvio_info(MYSQL_PLUGIN_VIO *vio,
static bool acl_check_ssl(THD *thd, const ACL_USER *acl_user)
{
-#ifdef HAVE_OPENSSL
Vio *vio= thd->net.vio;
+#ifdef HAVE_OPENSSL
SSL *ssl= (SSL *) vio->ssl_arg;
X509 *cert;
#endif
@@ -13657,6 +13657,24 @@ static bool acl_check_ssl(THD *thd, const ACL_USER *acl_user)
switch (acl_user->ssl_type) {
case SSL_TYPE_NOT_SPECIFIED: // Impossible
case SSL_TYPE_NONE: // SSL is not required
+ if (opt_require_secure_transport)
+ {
+ enum enum_vio_type type= vio_type(vio);
+#ifdef HAVE_OPENSSL
+ return type != VIO_TYPE_SSL &&
+#ifndef _WIN32
+ type != VIO_TYPE_SOCKET;
+#else
+ type != VIO_TYPE_NAMEDPIPE;
+#endif
+#else
+#ifndef _WIN32
+ return type != VIO_TYPE_SOCKET;
+#else
+ return type != VIO_TYPE_NAMEDPIPE;
+#endif
+#endif
+ }
return 0;
#ifdef HAVE_OPENSSL
case SSL_TYPE_ANY: // Any kind of SSL is ok
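Review bot: Enforcement is placed inside the per-account branch of acl_check_ssl(), which takes `acl_user` and so appears to run only after the account has been looked up. The refusal is then reported as a generic access-denied error (the recorded test output shows `ERROR 28000: Access denied`), so neither the client nor anyone reading the logs can tell a transport-policy rejection from bad credentials. Consider a dedicated error for this case, and confirm that no authentication path skips acl_check_ssl(). Separately, the four-way `#ifdef` nest can be flattened without changing the result, as below. The function body starts and ends outside this hunk.

```cpp
      if (opt_require_secure_transport)
      {
        enum enum_vio_type type= vio_type(vio);
#ifdef HAVE_OPENSSL
        if (type == VIO_TYPE_SSL)
          return 0;                       // TLS is always a secure transport
#endif
#ifndef _WIN32
        return type != VIO_TYPE_SOCKET;   // Unix domain socket
#else
        return type != VIO_TYPE_NAMEDPIPE;
#endif
      }
```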
diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc
index 7f61da63d60..4ba866749ee 100644
--- a/sql/sys_vars.cc
+++ b/sql/sys_vars.cc
@@ -3041,6 +3041,40 @@ static Sys_var_mybool Sys_secure_auth(
GLOBAL_VAR(opt_secure_auth), CMD_LINE(OPT_ARG),
DEFAULT(TRUE));
+static bool check_require_secure_transport(sys_var *self, THD *thd, set_var *var)
+{
+#ifndef _WIN32
+ /*
+ Always allow require_secure_transport to be enabled on
+ Linux, because it always has Unix domain sockets that are secure:
+ */
+ return false;
+#else
+ /*
+ Check SSL is enabled before turning require_secure_transport ON,
+ otherwise no connections will be allowed on Windows:
+ */
+ if (!var->save_result.ulonglong_value)
+ return false;
+ if (opt_use_ssl || opt_enable_named_pipe)
+ return false;
+ /* reject if SSL is disabled: */
+ my_error(ER_NO_SECURE_TRANSPORTS_CONFIGURED, MYF(0));
+ return true;
+#endif
+}
+
+static Sys_var_mybool Sys_require_secure_transport(
+ "require_secure_transport",
+ "When this option is enabled, connections attempted using insecure "
+ "transport will be rejected. Secure transports are SSL/TLS, "
+ "Unix sockets or named pipes.",
+ GLOBAL_VAR(opt_require_secure_transport),
+ CMD_LINE(OPT_ARG),
+ DEFAULT(FALSE),
+ NO_MUTEX_GUARD, NOT_IN_BINLOG,
+ ON_CHECK(check_require_secure_transport), ON_UPDATE(0));
+
static Sys_var_charptr Sys_secure_file_priv(
"secure_file_priv",
"Limit LOAD DATA, SELECT ... OUTFILE, and LOAD_FILE() to files "
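Review bot: The comments in check_require_secure_transport() do not match the code: the `#ifndef _WIN32` branch covers every non-Windows platform, not only Linux, and the last comment says `reject if SSL is disabled` although the test before it also accepts named pipes. Suggested wording: `/* Non-Windows: Unix domain sockets count as a secure transport, so ON is always allowed. */` and `/* reject: neither SSL nor named pipes are enabled */`. It is also worth stating, in a comment or in the variable description, that this check runs only when the variable is set. Judging by the sql_acl.cc change, enforcement happens at authentication, so sessions already connected over an insecure transport are presumably not dropped when the variable is switched ON.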