I'm using the MySQL .NET connector from the MySQL official site. I'm trying to make a safe SSL connection from my C# program to a MySQL db. The MySQL server allows connecting with SSL: the have_ssl variable is set to yes, and ca-cert, server-cert and server-key are specified.
Permissions for the user are:
GRANT USAGE ON *.* TO 'logowanie'@'%' IDENTIFIED BY PASSWORD '*...' REQUIRE SSL
GRANT SELECT ON `db`.`table1` TO 'logowanie'@'%'
So I assume that this user cannot log in without SSL? Am I right?
My connection string in the C# program looks like this:
"server=127.0.0.1;uid=logowanie;pwd=log1;database=ewidencja;SslMode=Required";
Note that this connection string doesn't have any paths to certificate files! It only has the "SslMode=Required" option. Is it possible to make an SSL encrypted connection without any other SSL options?
And the user is able to log in and run a select on table1. So I assume this connection is SSL encrypted?
How can I check whether this connection is SSL encrypted to be 100% sure?
> How can I check whether this connection is SSL encrypted to be 100% sure?
Install Wireshark, capture the traffic and you'll be 100% sure whether it's encrypted or not.
Posting my answer from https://stackoverflow.com/a/46609559/492336:
You can execute this SQL statement from inside the MySqlConnection: SHOW SESSION STATUS LIKE 'Ssl_cipher', and it will show you whether the connection is encrypted.
Example code:
using System;
using System.Configuration;
using MySql.Data.MySqlClient;

using (var connection = new MySqlConnection(ConfigurationManager.AppSettings["Test"]))
{
    connection.Open();
    var command = new MySqlCommand("SHOW SESSION STATUS LIKE 'Ssl_cipher'", connection);
    MySqlDataReader reader = command.ExecuteReader();
    while (reader.Read())
    {
        // An empty Ssl_cipher value means the session is not encrypted.
        Console.WriteLine($"{reader.GetString(0)}: {reader.GetString(1)}");
    }
}
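The following is an added example, not code from the question or from either answer, showing the same Ssl_cipher check turned into a fail-closed helper, together with the connection-string settings that make the check meaningful. It assumes Oracle's Connector/NET (MySql.Data) 8.0 or later, where the SslMode values VerifyCA/VerifyFull and the SslCa option are available; the host, credentials and CA path are placeholders. The point it illustrates for the question above: SslMode=Required does encrypt the session (which is why the REQUIRE SSL user can log in without any certificate paths in the connection string), but Required does not validate the server certificate, so an encrypted session to an impostor server would still pass the Ssl_cipher test. VerifyFull with a CA file closes that gap.

```csharp
using System;
using MySql.Data.MySqlClient;

// Added example (hypothetical helper, not part of the original answers).
// Assumes MySql.Data (Connector/NET) 8.0+; all connection values are placeholders.
public static class TlsCheck
{
    public sealed class TlsStatus
    {
        public string Cipher { get; set; } = "";
        public string Version { get; set; } = "";
        // The server reports an empty Ssl_cipher for plaintext sessions.
        public bool IsEncrypted => !string.IsNullOrEmpty(Cipher);
    }

    // Ask the server what it negotiated for THIS session (not a global setting).
    public static TlsStatus GetTlsStatus(MySqlConnection connection)
    {
        var status = new TlsStatus();
        const string sql =
            "SHOW SESSION STATUS WHERE Variable_name IN ('Ssl_cipher', 'Ssl_version')";
        using (var command = new MySqlCommand(sql, connection))
        using (var reader = command.ExecuteReader())
        {
            while (reader.Read())
            {
                string name = reader.GetString(0);
                string value = reader.IsDBNull(1) ? "" : reader.GetString(1);
                if (name == "Ssl_cipher") status.Cipher = value;
                else if (name == "Ssl_version") status.Version = value;
            }
        }
        return status;
    }

    // Fail closed: throw instead of silently continuing over plaintext or legacy TLS.
    public static void RequireModernTls(MySqlConnection connection)
    {
        TlsStatus status = GetTlsStatus(connection);
        if (!status.IsEncrypted)
            throw new InvalidOperationException(
                "Connection is NOT TLS encrypted (Ssl_cipher is empty).");
        if (status.Version == "TLSv1" || status.Version == "TLSv1.1")
            throw new InvalidOperationException(
                $"Legacy protocol negotiated: {status.Version}");
        Console.WriteLine($"TLS OK: {status.Version} / {status.Cipher}");
    }

    public static void Main()
    {
        var builder = new MySqlConnectionStringBuilder
        {
            Server = "db.example.internal",   // placeholder; must match the server cert name
            UserID = "logowanie",
            Password = "<password>",          // placeholder
            Database = "ewidencja",
            // Required   = encrypt, but do NOT validate the server certificate.
            // VerifyCA   = also check the chain against SslCa.
            // VerifyFull = also check that the certificate name matches Server.
            SslMode = MySqlSslMode.VerifyFull,
            SslCa = "/path/to/ca-cert.pem",   // placeholder: the CA that signed server-cert
        };

        using (var connection = new MySqlConnection(builder.ConnectionString))
        {
            connection.Open();
            RequireModernTls(connection);
        }
    }
}
```

Two practical notes. First, VerifyFull compares the name in the server certificate with the Server value, so connecting to 127.0.0.1 will only verify if the certificate was issued for that IP address; use the host name the certificate was issued for. Second, the helper queries SESSION status rather than GLOBAL status on purpose: Ssl_cipher in the session scope describes the current connection, which is exactly what the question asks about.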
OpenSSL (https://www.openssl.org/) ships with a tool called "s_client" that can be used to test SSL servers. This is available for *nix, cygwin, and Win32.
Sample Usage
$ openssl s_client -connect servername:port -CAfile /path/to/ca.pem -debug -showcerts
There are a myriad of options such as -pause, -state, etc. which you may find useful for tracking SSL through its setup and teardown.
Security
Use Wireshark as Miljen has pointed out.
Here are some tips for Wireshark:
- Collect the traffic using Wireshark
- Verify that the contents of the packets look like random noise (random bytes).
- This output should be sufficient to check that you have turned on SSL.
If you're looking to test whether your SSL code works properly, you could also check whether you can interoperate with other SSL implementations.
Did you hardcode the public key of the server properly, or properly check the server cert to make sure it corresponds to your server and not some imposter? Did you enable client authentication? Did you set the list of acceptable ciphersuites in a reasonable way? Did you use TLS 1.2? Are you aware that TLS only secures the communication channel, but you still need to make sure that the endpoints are secure, e.g., from various malicious attacks?
That might get you started. For testing, here are some tips:
For testing see https://www.owasp.org/index.php/Testing_for_SSL-TLS_%28OWASP-CM-001%29
This link contains great stuff, but it is by no means exhaustive. These tests are geared for HTTPS, but they should work for any SSL implementation since they analyze the SSL protocol, not the application-level protocol on top.