search

docker-library / mysql

Docker Official Image packaging for MySQL Community Server
https://dev.mysql.com/
GNU General Public License v2.0
2.48k stars 2.21k forks source link

Skip SSL #1053

Closed qmonmert closed 6 months ago

qmonmert commented 7 months ago

Since 8.4.0, this command mysqld --lower_case_table_names=1 --skip-ssl --character_set_server=utf8mb4 --explicit_defaults_for_timestamp is on error:

[ERROR] [MY-000068] [Server] unknown option '--skip-ssl'.

I tried with --ssl-mode=DISABLED the command mysqld --lower_case_table_names=1 --ssl-mode=DISABLED --character_set_server=utf8mb4 --explicit_defaults_for_timestamp but it doesn't work:

[ERROR] [MY-000067] [Server] unknown variable 'ssl-mode=DISABLED'.

Have you an idea?

Thanks a lot

tianon commented 6 months ago

I don't see anything related in the MySQL 8.4 release notes, but I also don't see any SSL-related flags in https://dev.mysql.com/doc/refman/8.4/en/server-options.html, so this looks like it's likely an intentional upstream change.

qmonmert commented 6 months ago

@tianon indeed but I saw that on the doc https://dev.mysql.com/doc/refman/8.4/en/connection-options.html#option_general_ssl-mode image but it doesn't work on my example 🧐

yosifkit commented 6 months ago

The --ssl-mode flag is for the mysql client, not the server.

$ docker run -it --rm mysql:8.4 mysqld --help | grep ssl-mode
$ # empty result
$ docker run -it --rm mysql:8.4 mysql --help | grep ssl-mode
  --ssl-mode=name     SSL connection mode.

And the skip-ssl flag is no longer mentioned:

$ docker run -it --rm mysql:8.0 mysqld --help --verbose | grep -B2 skip-ssl
  --ssl               Enable SSL for connection (automatically enabled with
                      other flags).
                      (Defaults to on; use --skip-ssl to disable.)
--
    --ssl-session-cache-mode
                      Is TLS session cache enabled or not
                      (Defaults to on; use --skip-ssl-session-cache-mode to disable.)
$ docker run -it --rm mysql:8.3 mysqld --help --verbose | grep -B2 skip-ssl
  --ssl               Enable SSL for connection (automatically enabled with
                      other flags).
                      (Defaults to on; use --skip-ssl to disable.)
--
    --ssl-session-cache-mode
                      Is TLS session cache enabled or not
                      (Defaults to on; use --skip-ssl-session-cache-mode to disable.)
$ docker run -it --rm mysql:8.4 mysqld --help --verbose | grep -B2 skip-ssl
  --ssl-session-cache-mode
                      Is TLS session cache enabled or not
                      (Defaults to on; use --skip-ssl-session-cache-mode to disable.)

I guess by removing the --ssl server option, they also meant that skip-ssl was removed too:

The --ssl and --admin-ssl server options, as well as the have_ssl and have_openssl server system variables, were all deprecated in MySQL 8.0.26, and are all removed in this release. Use --tls-version and --admin-tls-version instead.

-https://dev.mysql.com/doc/relnotes/mysql/8.4/en/news-8-4-0.html#mysqld-8-4-0-deprecation-removal

qmonmert commented 6 months ago

thanks @yosifkit I close the ticket