MySQL needs an SSL/TLS library. It uses it primarily to encrypt network connections, but also uses its various algorithms and random number generators.
OpenSSL is the golden standard when it comes to cross-platform open source SSL/TLS library that you use from C/C++. This library is widely used, well maintained, and provides a very vast array of functionality that MySQL leverages.
We put a great deal of effort making sure compiling with OpenSSL is very easy and the resulting binaries work as expected. We test continuously and make sure new features we add work and perform with OpenSSL.
Given that OpenSSL is the industry standard, and trusted by our customers and users, we have decided to support OpenSSL in MySQL 5.6, 5.7 and 8.0. We are eliminating support for YaSSL and WolfSSL
This will allow us to focus our efforts on developing more interesting MySQL features instead of maintaining integration with multiple SSL/TLS libraries.
I have removed the code that supports building MySQL with any library but the OpenSSL library. Note the -DWITH_SSL=bundled cmake option is not supported going forward. The new default for WITH_SSL is -DWITH_SSL=system.
The MySQL team also started building all of the binaries we provide with OpenSSL. And not with just any OpenSSL version. There is one additional complication. According to OpenSSL’s release strategy, OpenSSL 1.0.2 support stops on 2019-12-31. They are encouraging people to migrate to the next Long Term Support release (LTS): 1.1.1.
Note that all of our MySQL 8.0 binaries have always been built with OpenSSL and linked dynamically. And the MySQL 5.6 and 5.7 enterprise binaries have been built with OpenSSL for many years. Thus, the MySQL/OpenSSL combination is very well tested and production proven.
To sum things up, we’re going to be building all of our binaries (commercial and community) for each release (5.6, 5.7, 8.0) in the same identical way when it comes to SSL/TLS libraries.
Thank you for using MySQL !