Closed mirromutth closed 5 years ago
How does MySQL handle SSL? Is there some sort of handshake? With netty, you would use SslHandler
. For Postgres and SQL Server, SslHandler
is wrapped in a custom handler/adapter because both databases require some wrapping around SSL. Take a look at r2dbc/r2dbc-postgresql#104 how SSL support would be done for Postgres.
@mp911de MySQL handle SSL after Handshake Request. Handshake Request is a server side message, include random password salt and server capabilities.
The client need send Handshake Response after Handshake Request in plain connection, and Handshake Response has two parts, client capabilities' part and authentication part.
In SSL connection, client should send the first part of Handshake Response (and set client SSL capability to 1), then client send Client Hello, server send Server Hello, ... After standard 4-steps SSL handshake, the client should send the second part of Handshake Response. Full authentication phase is optional and only enabled by fast authentication failed and handling SSL. Therefore, can be considered that the full authentication phase is not in the handshake phase, but affected by handshake phase.
More intuitive:
For convenience of comparison, attach plain connection:
This sounds similar to what SQL Server is doing. Depending on the Server/user configuration, we enable the SSL handler and let the SSL handshake happen. As soon as this is done, we send authentication over SSL. Depending on the server/client config, we either disable SSL or remain in SSL mode. This is a bit of a dance, especially because SQL server requires SSL handshake frames to be wrapped with SQL server headers. In any case, here's the SQL server SSL code: https://github.com/r2dbc/r2dbc-mssql/tree/master/src/main/java/io/r2dbc/mssql/client/ssl
SSL has supported, and another problem happened, see #33 .
The
caching_sha2_password
full authentication phase must be handled on SSL. So if want to provide the best support for MySQL 8.0, should provide SSL support.