diff --git a/roles/connect_wordpress/vars/main.yml b/roles/connect_wordpress/vars/main.yml
index e4c9459..353b985 100644
--- a/roles/connect_wordpress/vars/main.yml
+++ b/roles/connect_wordpress/vars/main.yml
@@ -42,7 +42,7 @@ wordpress_docker: {
 "WORDPRESS_CONFIG_EXTRA: |",
 " define( 'WP_HOME', 'https://{{ wordpress_base_url }}' );",
 " define( 'WP_SITEURL', 'https://{{ wordpress_base_url }}' );",
- " define( 'MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL | MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT );",
+# " define( 'MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL | MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT );",
 "AUTH_API: \"https://{{ shared_service_keycloak_hostname }}\"",
 "RESOURCE_API: \"https://{{ connect_base_url }}\"",
 "REALM_ID: \"{{ current_realm_name }}\"",
diff --git a/roles/maria/tasks/main.yml b/roles/maria/tasks/main.yml
index 384f97e..8fa3950 100644
--- a/roles/maria/tasks/main.yml
+++ b/roles/maria/tasks/main.yml
@@ -47,13 +47,21 @@
 line: 'bind-address={{ ansible_all_ipv4_addresses | ansible.netcommon.ipaddr(shared_service_network) | first }}'
 notify: restart mysql
-- name: "Create my.cnf containing ssl stuff"
- template:
- src: 50-ssl.cnf
- dest: /etc/mysql/conf.d/
- mode: '0644'
- owner: root
- group: root
+# DEV-422: SSL stuff does not work as expected
+#- name: "Create my.cnf containing ssl stuff"
+# template:
+# src: 50-ssl.cnf
+# dest: /etc/mysql/conf.d/
+# mode: '0644'
+# owner: root
+# group: root
+# notify: restart mysql
+
+# DEV-422
+- name: "Ensure configured SSL config is removed"
+ file:
+ state: absent
+ path: /etc/mysql/conf.d/50-ssl.cnf
 notify: restart mysql
 - name: Ensure service is started
diff --git a/roles/maria/templates/50-ssl.cnf b/roles/maria/templates/50-ssl.cnf
index 965bdeb..641c431 100644
--- a/roles/maria/templates/50-ssl.cnf
+++ b/roles/maria/templates/50-ssl.cnf
@@ -3,3 +3,5 @@ ssl_key = {{ cert_private_key }}
 ssl_cert = {{ cert_public_key }}
 ssl_ca = {{ ca_cert }}
 ssl = on
+tls_version = TLSv1.2,TLSv1.3
+ssl_cipher = TLSv1.2,TLSv1.3
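Review bot: The `MYSQL_CLIENT_FLAGS` entry in `WORDPRESS_CONFIG_EXTRA` is commented out with no explanation, so nothing here tells a later reader that WordPress now connects to MariaDB without TLS, or when that should be reverted. The roles/maria/tasks/main.yml hunk cites DEV-422; if this is the same change, a line such as `# DEV-422: DB TLS disabled while the server-side SSL config is broken; re-enable with certificate verification` above the commented entry would record it. The old value also set `MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT`, so when the flag is restored it is worth dropping that part and trusting the role's CA instead, since encryption without server verification does not protect against an on-path attacker. The enclosing `wordpress_docker` mapping starts and ends outside the hunk.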
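Review bot: The new task deletes 50-ssl.cnf while the task directly above still binds mysqld to an address on `shared_service_network`, so database traffic on that network is unencrypted until DEV-422 is resolved, and the bare `# DEV-422` comment does not say so. I would state the consequence on the task, e.g. `# DEV-422: TLS temporarily disabled; DB traffic on shared_service_network is cleartext until fixed`. The nine commented-out lines could be dropped, since git history keeps them, or the original task kept behind a `when:` on a role variable so re-enabling TLS is a one-line change. The same commented-out pattern appears in the first hunk of roles/restore_maria/tasks/main.yml (`mysql_config_include_files`). The bind-address task begins above this hunk.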
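Review bot: `ssl_cipher = TLSv1.2,TLSv1.3` puts protocol versions where MariaDB expects a cipher list; the protocol restriction is already expressed by `tls_version` on the line before it. Depending on the TLS library, this value may select an unintended cipher set or match no cipher at all, which could be related to the problem tracked as DEV-422 elsewhere in this commit (an inference, not shown here). I would remove the `ssl_cipher` line and rely on the library defaults, or set it to an explicit cipher list chosen for this deployment. The same line is added in roles/restore_maria/templates/50-ssl.cnf, where `ssl = on` is also dropped while this copy keeps it; the two templates should agree.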
diff --git a/roles/restore_maria/tasks/main.yml b/roles/restore_maria/tasks/main.yml
index 5fd0c94..8146906 100644
--- a/roles/restore_maria/tasks/main.yml
+++ b/roles/restore_maria/tasks/main.yml
@@ -12,8 +12,8 @@
 - mariadb-server
 - mariadb-backup
 mysql_bind_address: '{{ ansible_all_ipv4_addresses | ansible.netcommon.ipaddr(shared_service_network) | first }}'
- mysql_config_include_files:
- - src: 50-ssl.cnf
+# mysql_config_include_files:
+# - src: 50-ssl.cnf
 include_role:
 name: geerlingguy.mysql
@@ -27,6 +27,7 @@
 tasks_from: _create_cert
 vars:
 selfsigned_ca_cert_private_key: '{{ cert_private_key }}'
+ selfsigned_ca_cert_private_key_group: mysql
 selfsigned_ca_cert_public_key: '{{ cert_public_key }}'
 selfsigned_ca_cacert: '{{ ca_cert }}'
 selfsigned_ca_cert_subject:
diff --git a/roles/restore_maria/templates/50-ssl.cnf b/roles/restore_maria/templates/50-ssl.cnf
index 965bdeb..06be82b 100644
--- a/roles/restore_maria/templates/50-ssl.cnf
+++ b/roles/restore_maria/templates/50-ssl.cnf
@@ -2,4 +2,5 @@
 ssl_key = {{ cert_private_key }}
 ssl_cert = {{ cert_public_key }}
 ssl_ca = {{ ca_cert }}
-ssl = on
+tls_version = TLSv1.2,TLSv1.3
+ssl_cipher = TLSv1.2,TLSv1.3
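Review bot: `selfsigned_ca_cert_private_key_group: mysql` gives the mysql group ownership of the private key, but the mode that the `_create_cert` tasks apply to the key is not visible in this hunk. Group ownership only helps, and is only safe, if the key ends up `0640` rather than `0600` or world-readable. It is worth confirming that in the included role, and that the `mysql` group already exists when this task runs (presumably created by the `geerlingguy.mysql` include in the previous task). A short comment next to the variable, such as `# mysqld runs as mysql and must read the key; keep mode 0640`, would document the intent. The task containing these vars starts and ends outside the hunk.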