When using the MySQL communication stack
AND secure connections between members
not set to
DISABLED), the security settings
discussed in this section are applied not just to distributed
recovery connections, but to group communications between
members in general.
When a member joins the group, distributed recovery is carried out using a combination of a remote cloning operation, if available and appropriate, and an asynchronous replication connection. For a full description of distributed recovery, see Section 18.5.4, “Distributed Recovery”.
Up to MySQL 8.0.20, group members offer their standard SQL client
connection to joining members for distributed recovery, as
specified by MySQL Server's
port system variables. From MySQL
8.0.21, group members may advertise an alternative list of
distributed recovery endpoints as dedicated client connections for
joining members. For more details, see
Section 18.104.22.168, “Connections for Distributed Recovery”.
Notice that such connections offered to a joining member for
distributed recovery is not the same
connections that are used by Group Replication for communication
between online members when the XCom communication stack is used
for group communications
To secure distributed recovery connections in the group, ensure that user credentials for the replication user are properly secured, and use SSL for distributed recovery connections if possible.