Open qadqdew opened 2 years ago
I need to enable SSL only for front-end connections. Sharing the configuration for better clarity.
+----------------------+-------------------------------+ | variable_name | variable_value | +----------------------+-------------------------------+ | mysql-ssl_p2s_cipher | ECDHE-ECDSA-AES256-GCM-SHA384 | +----------------------+-------------------------------+ 1 row in set (0.00 sec)
mysql/bin/mysql -uadmin -p -P6032 -h127.0.0.1 -e '\s' | grep -P 'SSL|Connection' Connection id: 1441 SSL: Cipher in use is DHE-RSA-AES256-SHA Connection: 127.0.0.1 via TCP/IP```
From this I could see only default cipher is used in front-end connections.
On explicitly mentioning --ssl --ssl-cipher=ECDHE-ECDSA-AES256-GCM-SHA384 Getting SSL connection error: Failed to set ciphers to use.
Able to connect only with default cipher.
Also experiencing this issue, changing ssl_p2s_cipher seems to have no effect, it continues to use the default cipher.
ssl_p2s_cipher
I need to enable SSL only for front-end connections. Sharing the configuration for better clarity.
+----------------------+-------------------------------+ | variable_name | variable_value | +----------------------+-------------------------------+ | mysql-ssl_p2s_cipher | ECDHE-ECDSA-AES256-GCM-SHA384 | +----------------------+-------------------------------+ 1 row in set (0.00 sec)
mysql/bin/mysql -uadmin -p -P6032 -h127.0.0.1 -e '\s' | grep -P 'SSL|Connection' Connection id: 1441 SSL: Cipher in use is DHE-RSA-AES256-SHA Connection: 127.0.0.1 via TCP/IP```
From this I could see only default cipher is used in front-end connections.
On explicitly mentioning --ssl --ssl-cipher=ECDHE-ECDSA-AES256-GCM-SHA384 Getting SSL connection error: Failed to set ciphers to use.
Able to connect only with default cipher.