Documentation Home
Security in MySQL
Related Documentation Download this Excerpt
PDF (US Ltr) - 0.7Mb
PDF (A4) - 0.7Mb
HTML Download (TGZ) - 147.4Kb
HTML Download (Zip) - 155.3Kb

Security in MySQL  /  Using Encrypted Connections  /  SSL Library-Dependent Capabilities

5.3 SSL Library-Dependent Capabilities

MySQL can be compiled using OpenSSL or yaSSL, both of which enable encrypted connections based on the OpenSSL API:

OpenSSL and yaSSL offer the same basic functionality, but additional features are available in MySQL distributions compiled using OpenSSL:

  • OpenSSL supports a more flexible syntax for specifying ciphers for the --ssl-cipher option, and supports a wider range of encryption ciphers from which to choose. See Command Options for Encrypted Connections, and Section 5.5, “Encrypted Connection Protocols and Ciphers”.

  • OpenSSL supports the --ssl-capath option. MySQL distributions compiled using yaSSL do not because yaSSL does not look in any directory and do not follow a chained certificate tree. yaSSL requires that all components of the CA certificate tree be contained within a single CA certificate tree and that each certificate in the file has a unique SubjectName value. To work around this limitation, concatenate the individual certificate files comprising the certificate tree into a new file and specify that file as the value of the --ssl-ca option.