Documentation Home
Security in MySQL
Related Documentation Download this Excerpt
PDF (US Ltr) - 0.7Mb
PDF (A4) - 0.7Mb
HTML Download (TGZ) - 147.4Kb
HTML Download (Zip) - 155.2Kb


Security in MySQL  /  Using Encrypted Connections  /  Building MySQL with Support for Encrypted Connections

5.4 Building MySQL with Support for Encrypted Connections

To use encrypted connections between the MySQL server and client programs, your system must support either OpenSSL or yaSSL:

  • MySQL Enterprise Edition binary distributions are compiled using yaSSL.

  • MySQL Community Edition binary distributions are compiled using yaSSL.

  • MySQL Community Edition source distributions can be compiled using either OpenSSL or yaSSL.

If you compile MySQL from a source distribution, CMake configures the distribution to use yaSSL by default. To compile using OpenSSL instead, use this procedure:

  1. Ensure that OpenSSL 1.0.1 or higher is installed on your system. If it is necessary to obtain OpenSSL, visit http://www.openssl.org.

  2. The WITH_SSL CMake option determines which SSL library to use for compiling MySQL (see MySQL Source-Configuration Options). The default is -DWITH_SSL=bundled, which uses yaSSL. To use OpenSSL, add the -DWITH_SSL=system option to the CMake command you normally use to configure the MySQL source distribution. For example:

    cmake . -DWITH_SSL=system

    That command configures the distribution to use the installed OpenSSL library.

  3. Compile and install the distribution.

To check whether a mysqld server supports encrypted connections, examine the value of the have_ssl system variable:

mysql> SHOW VARIABLES LIKE 'have_ssl';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_ssl      | YES   |
+---------------+-------+

If the value is YES, the server supports encrypted connections. If the value is DISABLED, the server is capable of supporting encrypted connections but was not started with the appropriate --ssl-xxx options to enable encrypted connections to be used; see Section 5.1, “Configuring MySQL to Use Encrypted Connections”.