MySQL 8.0 Reference Manual


Pre-General Availability Draft: 2018-02-16

19.2.1.3 Using Encrypted Connections

Encrypted connections are possible when connecting to a TLS (sometimes referred to as SSL) enabled MySQL server. Much of the configuration of MySQL Shell is based on the options used by MySQL server; see Section 6.4, “Using Encrypted Connections” for more information.

To configure an encrypted connection at startup of MySQL Shell, use the following command options:

  • --ssl: Deprecated, to be removed in a future version. This option enables or disables encrypted connections.

  • --ssl-mode: This option specifies the security state of the connection to the server.

  • --ssl-ca=filename: The path to a file in PEM format that contains a list of trusted SSL Certificate Authorities.

  • --ssl-capath=directory: The path to a directory that contains trusted SSL Certificate Authority certificates in PEM format.

  • --ssl-cert=filename: The name of the SSL certificate file in PEM format to use for establishing an encrypted connection.

  • --ssl-cipher=name: The name of the SSL cipher to use for establishing an encrypted connection.

  • --ssl-key=filename: The name of the SSL key file in PEM format to use for establishing an encrypted connection.

  • --ssl-crl=name: The path to a file containing certificate revocation lists in PEM format.

  • --ssl-crlpath=directory: The path to a directory that contains files containing certificate revocation lists in PEM format.

  • --tls-version=version: The TLS protocols permitted for encrypted connections.

Alternatively, the SSL options can be encoded in the query element of a URI type string. The available SSL options are the same as those listed above, but written without the preceding hyphens. For example, ssl-ca is the equivalent of --ssl-ca.

Paths specified in a URI type string must be percent encoded, for example:

ssluser@127.0.0.1?ssl-ca%3D%2Froot%2Fclientcert%2Fca-cert.pem%26ssl-cert%3D%2Froot%2Fclientcert%2Fclient-cert.pem%26ssl-key%3D%2Froot%2Fclientcert%2Fclient-key.pem

See Section 19.2.1.1, “Connecting using a URI String” for more information.
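The following is an added example, not code from the manual: a Python helper that builds a URI type string from the options listed above and percent-encodes each path, so that a path containing `/`, `&` or `=` cannot alter the query. The names `build_uri` and `parse_uri` are hypothetical. It assumes the usual `name=value` pairs joined by `&` in the query element, with only each value percent-encoded, and the rule that ssl-cert and ssl-key are given together is an added sanity check.

```python
from urllib.parse import quote, unquote

# Option names from the list above, written without the leading hyphens.
ALLOWED = {"ssl-mode", "ssl-ca", "ssl-capath", "ssl-cert", "ssl-cipher",
           "ssl-key", "ssl-crl", "ssl-crlpath", "tls-version"}
DEPRECATED = {"ssl"}  # listed above as deprecated


def build_uri(user, host, options):
    """Return user@host?name=value&... with every value percent-encoded."""
    # Added sanity check (assumption): a client certificate needs its key.
    if ("ssl-cert" in options) != ("ssl-key" in options):
        raise ValueError("ssl-cert and ssl-key must be given together")
    pairs = []
    for name, value in options.items():
        if name in DEPRECATED:
            raise ValueError(f"{name} is deprecated; set ssl-mode instead")
        if name not in ALLOWED:
            raise ValueError(f"unknown option: {name}")
        if not value:
            raise ValueError(f"empty value for {name}")
        # safe="" also encodes "/", so a path cannot add query delimiters.
        pairs.append(f"{name}={quote(value, safe='')}")
    return f"{quote(user, safe='')}@{host}?" + "&".join(pairs)


def parse_uri(uri):
    """Split a string built above back into (target, decoded options)."""
    target, _, query = uri.partition("?")
    options = {}
    for pair in filter(None, query.split("&")):
        name, sep, value = pair.partition("=")
        if not sep or name in options:
            raise ValueError(f"malformed or repeated option: {pair}")
        options[name] = unquote(value)
    return target, options


# Sample paths are the ones used in the example above.
SAMPLE = {
    "ssl-ca": "/root/clientcert/ca-cert.pem",
    "ssl-cert": "/root/clientcert/client-cert.pem",
    "ssl-key": "/root/clientcert/client-key.pem",
}

if __name__ == "__main__":
    uri = build_uri("ssluser", "127.0.0.1", SAMPLE)
    print(uri)
    print(parse_uri(uri))
```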

