WL#14582: Deprecate the use of TLS v1.0 and v1.1
Affects: Server-8.0 — Status: Complete
Follow https://tools.ietf.org/id/draft-ietf-tls-oldversions-deprecate-02.html the use of TLSv1.0 and TLSv1.1 should be deprecated.
MySQL Router uses TLS
- on the routing ports
- on http ports
- between router and metadata-servers
TLSv1.0 and TLSv1.1 connections will fail at the router
is accepting a TLS connection (
When passing through the TLS connections to the server (
client_ssl_mode=PASSTHROUGH) the router does not interfere with the TLS handshake and it is up to the server to allow/deny the TLS connection.
TLSv1.0 and TLSv1.1 connections fail.
between router and metadata servers
MySQL Router uses
libmysqlclient to connect to the metadata servers.
The allowed TLS version for those connections is controlled via:
The allowed values of
tls_version allow specifying TLSv1.0 and TLSv1.1.
- deprecate the use of
- No new warnings are logged by the router if a TLSv1.0 or TLSv1.1 is established.
Copyright (c) 2000, 2023, Oracle Corporation and/or its affiliates. All rights reserved.