As of MySQL 8.0.29, the server supports SSL session reuse by default, but only within a configurable timeout period after a user enables the feature. All MySQL client applications support session reuse. For a description of server-side and client-side operations, see Reusing SSL Sessions.
This section describes how C applications can use the C API capabilities to enable session reuse for encrypted connections.
SSL session reuse works as follows:
1. With an active SSL connection ongoing, your application can request the current SSL session data by calling mysql_get_ssl_session_data(). The call returns a pointer to an in-memory object, which is currently the PEM serialization of the session as an ASCII string.
2. Your application then passes the pointer to mysql_options() with the MYSQL_OPT_SSL_SESSION_DATA option for use in the new connection it is building (during the pre-connect phase).
3. At runtime, the application connects as it normally does. At this point the prior session has the potential to be reused. Your application can determine whether a session is being reused for the new connection by calling mysql_get_ssl_session_reused(). The call returns TRUE if there was a session and it was reused.
4. After your application no longer needs the pointer, it is important to free it with a call to mysql_free_ssl_session_data().
MySQL uses a random TLS context-related context ID, which also applies to session reuse. With TLS 1.3, when the previously described call sequence occurs, OpenSSL uses pre-shared keys for session reuse. In contrast, with TLS 1.2, OpenSSL uses session tickets.
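The call sequence described above, as an added example that is not taken from the MySQL documentation or source. The helper name connect_reusing_session() and its return codes are hypothetical, and it assumes both handles came from mysql_init() and that live is already connected. The #else branch holds constructed stand-ins so the file also builds without the client library.

```c
#include <stdbool.h>
#include <stddef.h>
#if defined(__has_include) && __has_include(<mysql.h>)
#include <mysql.h> /* real client library, MySQL 8.0.29 or later */
#else
/* Constructed stand-ins with the C API's signatures so the file builds offline. */
typedef struct MYSQL { bool tls; const void *offered; int freed; } MYSQL;
enum mysql_option { MYSQL_OPT_SSL_SESSION_DATA };
void *mysql_get_ssl_session_data(MYSQL *m, unsigned int n, unsigned int *len)
{ static char blob[] = "constructed"; (void)n; *len = (unsigned int)sizeof blob; return m->tls ? blob : NULL; }
int mysql_options(MYSQL *m, enum mysql_option o, const void *arg)
{ (void)o; m->offered = arg; return 0; }
MYSQL *mysql_real_connect(MYSQL *m, const char *host, const char *user, const char *pw,
    const char *db, unsigned int port, const char *sock, unsigned long flags)
{ (void)user; (void)pw; (void)db; (void)port; (void)sock; (void)flags; return host ? m : NULL; }
bool mysql_get_ssl_session_reused(MYSQL *m) { return m->offered != NULL; }
bool mysql_free_ssl_session_data(MYSQL *m, void *d) { (void)d; m->freed++; return false; }
#endif

/* Hypothetical helper. Returns 1 = TLS session reused, 0 = full handshake, -1 = error. */
int connect_reusing_session(MYSQL *live, MYSQL *fresh, const char *host,
                            const char *user, const char *password, unsigned int port)
{
    unsigned int len = 0;
    int result = -1;
    /* Serialize the current session of the live connection (n_ticket 0). */
    void *sess = mysql_get_ssl_session_data(live, 0, &len);
    /* Pre-connect phase: offer the session. With none available, connect normally. */
    if (sess != NULL && mysql_options(fresh, MYSQL_OPT_SSL_SESSION_DATA, sess) != 0)
        goto done;
    /* Connect as usual, then ask whether the session was actually reused. */
    if (mysql_real_connect(fresh, host, user, password, NULL, port, NULL, 0) == NULL)
        goto done;
    result = mysql_get_ssl_session_reused(fresh) ? 1 : 0;
done:
    /* The blob holds TLS session secrets: free it on every path and never log it. */
    if (sess != NULL)
        mysql_free_ssl_session_data(live, sess);
    return result;
}
```

A return value of 0 is not a failure: the server may decline reuse, for example after its timeout has expired, and the connection then proceeds with a full handshake.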