search

sysown / proxysql

High-performance MySQL proxy with a GPL license.
http://www.proxysql.com
GNU General Public License v3.0
6.03k stars 981 forks source link

ssl hardening #3207

Open doets001 opened 3 years ago

doets001 commented 3 years ago

feature request

I like it to be possible to harden the SSL connection to the ProxySQL. Therefore I like it to be possible to disable certain protocols / ciphers.

For example, I like to disable

renecannao commented 3 years ago

We need to implement something similar to MySQL's tls_version variable: https://dev.mysql.com/doc/refman/8.0/en/encrypted-connection-protocols-ciphers.html#encrypted-connection-protocol-configuration

This can be an Admin variable

linuxmail commented 2 years ago

Hello,

good to see, that there is a patch for it :-) PCI-DSS forces us to disable 1.0 / 1.1 .. so we are waiting to purge Hashicorp Envoy :-)