WL#13392: Support for TLS 1.3 in Asynchronous Replication

Affects: Server-8.0   —   Status: Complete

EXECUTIVE SUMMARY
=================

WL#12361: "Support TLS 1.3 in the server and libmysql" implemented
support for TLS 1.3 in the connections between MySQL clients and
servers. This includes the connections established through
asynchronous replication, which use the same library, libmysql;
that is, a slave server can establish its connection to a master
using TLS 1.3. However, TLS 1.3 configuration was not implemented
for replication connections: there is no user interface for a DBA
to set the allowed ciphersuites.

The DBA can now restrict the master server's TLS configuration to
TLS 1.3 and a single TLS 1.3 ciphersuite that is not enabled by
default, e.g., --tls-version=TLSv1.3 and
--tls-ciphersuites=TLS_AES_128_CCM_8_SHA256[1]. Replication slaves
cannot connect to the master with such configurations.
This also breaks Group Replication incremental recovery, since it
uses an asynchronous replication channel.

To allow such configurations, this worklog will implement:
 1. MASTER_TLS_CIPHERSUITES option on CHANGE MASTER command;
 2. group_replication_recovery_tls_version plugin option;
 3. group_replication_recovery_tls_ciphersuites plugin option.
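
The statements below are an added example, not part of the worklog text, showing how the three options line up with the restricted master configuration from the summary. The host name and replication user are placeholders, and the sketch assumes the options behave as named in the list above.

```sql
-- Master started with the restricted configuration from the summary:
--   --tls-version=TLSv1.3 --tls-ciphersuites=TLS_AES_128_CCM_8_SHA256

-- 1. Asynchronous replication slave: allow the same protocol version and
--    ciphersuite on the channel, otherwise the TLS handshake with the
--    master has no ciphersuite in common and the connection fails.
STOP SLAVE;
CHANGE MASTER TO
  MASTER_HOST = 'master.example.com',   -- placeholder host
  MASTER_USER = 'repl',                 -- placeholder user; credentials set as usual
  MASTER_SSL = 1,
  MASTER_TLS_VERSION = 'TLSv1.3',
  MASTER_TLS_CIPHERSUITES = 'TLS_AES_128_CCM_8_SHA256';
START SLAVE;

-- Confirm what the channel is configured to offer.
SELECT CHANNEL_NAME, SSL_ALLOWED, TLS_VERSION, TLS_CIPHERSUITES
  FROM performance_schema.replication_connection_configuration;

-- 2. and 3. Group Replication member: the recovery channel is an
--    asynchronous replication channel, so it needs the same restriction
--    before the member joins and starts incremental recovery.
SET GLOBAL group_replication_recovery_use_ssl = ON;
SET GLOBAL group_replication_recovery_tls_version = 'TLSv1.3';
SET GLOBAL group_replication_recovery_tls_ciphersuites = 'TLS_AES_128_CCM_8_SHA256';
```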


USER STORIES
============

- As a system developer using MySQL I want to be able to specify
  which ciphersuites are allowed when I configure a replication
  slave to use TLS 1.3 encrypted connection.

- As a system developer using MySQL I want to be able to specify
  which ciphersuites are allowed when I configure a Group
  Replication member to use TLS 1.3 encrypted connections.


[1] https://dev.mysql.com/doc/refman/8.0/en/encrypted-connection-protocols-ciphers.html