Rechercher dans le manuel MySQL
20.5.3 Using Secure Connections with X Plugin
This section explains how to configure X Plugin to use secure connections. For more background information, see Section 6.3, “Using Encrypted Connections”.
X Plugin has its own SSL settings which can differ from
those used with MySQL Server. This means that X Plugin can
be configured with a different SSL key, certificate, and
certificate authorities file than MySQL Server. Similarly,
X Plugin has its own SSL status variables calculated
independently from the MySQL Server SSL related variables. By
default the X Plugin SSL configuration is taken from the
mysqlx_ssl_* variables, described at
Section 20.5.5.2, “X Plugin Options and System Variables”. If no
configuration is provided using the
mysqlx_ssl_* variables, X Plugin falls
back to using the MySQL Server SSL system variables. This means
you can choose to either have separate SSL configurations for
MySQL Protocol and X Protocol connections by configuring
each separately, or share the SSL configuration between MySQL
Protocol and X Protocol connections by only configuring the
ssl-* variables.
On a server with X Plugin installed, to configure MySQL
Protocol and X Protocol connections with separate SSL
configurations use both the ssl-* and
mysqlx-ssl-* variables in
my.cnf:
[mysqld]
ssl-ca=ca1.pem
ssl-cert=server-cert1.pem
ssl-key=server-key1.pem
mysqlx-ssl-ca=ca2.pem
mysqlx-ssl-cert=server-cert2.pem
mysqlx-ssl-key=server-key2.pem
The available mysqlx_ssl_* variables mirror the
SSL variables in MySQL Server, so the files and techniques
described for configuring MySQL Server to use SSL at
Section 6.3.1, “Configuring MySQL to Use Encrypted Connections” are relevant to
configuring X Plugin to use secure connections.
You can configure the TLS versions used by X Protocol SSL
connections using the tls_version
system variable. The TLS version used by MySQL Protocol and
X Protocol connections is therefore the same TLS version.
Encryption per connection is optional, but a specific user can be
forced to use encryption for X Protocol and MySQL Protocol
connections. You configure such a user by issuing a
GRANT statement with the
REQUIRE option. For more details see
Section 13.7.1.6, “GRANT Syntax”. Alternatively all X Protocol and
MySQL Protocol connections can be forced to use encryption by
setting require_secure_transport.
Document created the 26/06/2006, last modified the 26/10/2018
Source of the printed document:https://www.gaudry.be/en/mysql-rf-x-plugin-ssl-connections.html
The infobrol is a personal site whose content is my sole responsibility. The text is available under CreativeCommons license (BY-NC-SA). More info on the terms of use and the author.
References
These references and links indicate documents consulted during the writing of this page, or which may provide additional information, but the authors of these sources can not be held responsible for the content of this page.
The author This site is solely responsible for the way in which the various concepts, and the freedoms that are taken with the reference works, are presented here. Remember that you must cross multiple source information to reduce the risk of errors.
