TLS is also known as SSL (Secure Sockets Layer). It refers to transport layer security.
When an unencrypted connection exists between a MySQL client and server, someone with network access can observe all traffic and examine the data sent or received between the client and server. When users wish to transmit information over the network in a secure manner, unencrypted connections are not accepted.
In order to make any type of data unreadable, encryption must be used. Encryption algorithms often contain security elements that help resist many known attacks, some of which include changing the order of encrypted messages or replaying data twice. MySQL supports encrypted connections that occur between the client and server, both of which use the TLS protocol. But MySQL does not use the SSL protocol for encrypted connections because the encryption is weak.
TLS uses encryption algorithms to ensure that data received on public networks is trustworthy data. It has many methods to detect changes, loss or replay of data. TLS also uses authentication algorithms with the X.509 standard.
MySQL encrypts per connection. Encryption for a given user can be optional or mandatory. This allows users to choose an encrypted or unencrypted connection depending on the application's requirements.
Let us understand how to enable TLS for MySQL client:
mysql_ssl_rsa_setup --datadir=./certs
--ssl-mode=REQUIRED- Tells that en encrypted connection is needed.
Requires authentication to be enabled: If the ssl-ca parameter is not specified, by default the client or The server does not authenticate.
To authenticate MySQL clients from the server:
The above is the detailed content of Enable TLS for MySQL clients. For more information, please follow other related articles on the PHP Chinese website!