Using SSL for Secure Connections
from a slave replication server to a master server; see Section 16.1.2, “Replication and Binary Logging Options and Variables”.)
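
Table 6.8. SSL Option/Variable Summary

+------------------------+----------+-------------+------------+------------+-----------+---------+
| Name                   | Cmd-Line | Option file | System Var | Status Var | Var Scope | Dynamic |
+------------------------+----------+-------------+------------+------------+-----------+---------+
| have_openssl           |          |             | Yes        |            | Global    | No      |
| have_ssl               |          |             | Yes        |            | Global    | No      |
| skip-ssl               | Yes      | Yes         |            |            |           |         |
| ssl                    | Yes      | Yes         |            |            |           |         |
| ssl-ca                 | Yes      | Yes         |            |            | Global    | No      |
| - Variable: ssl_ca     |          |             | Yes        |            | Global    | No      |
| ssl-capath             | Yes      | Yes         |            |            | Global    | No      |
| - Variable: ssl_capath |          |             | Yes        |            | Global    | No      |
| ssl-cert               | Yes      | Yes         |            |            | Global    | No      |
| - Variable: ssl_cert   |          |             | Yes        |            | Global    | No      |
| ssl-cipher             | Yes      | Yes         |            |            | Global    | No      |
| - Variable: ssl_cipher |          |             | Yes        |            | Global    | No      |
| ssl-key                | Yes      | Yes         |            |            | Global    | No      |
| - Variable: ssl_key    |          |             | Yes        |            | Global    | No      |
+------------------------+----------+-------------+------------+------------+-----------+---------+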

• --ssl

For the server, this option specifies that the server permits SSL connections. For a client program, it permits the client to connect to the server using SSL, but this option is not sufficient in itself to cause an SSL connection to be used. As a recommended set of options to enable SSL connections, use at least --ssl-cert and --ssl-key on the server side and --ssl-ca on the client side.

--ssl is implied by other --ssl-xxx options as indicated in the descriptions for those options. For this reason, --ssl is not usually specified explicitly. It is more often used explicitly in its opposite form to override other SSL options and indicate that SSL should not be used. To do this, specify the option as --skip-ssl or --ssl=0. For example, you might have SSL options specified in the [client] group of your option file to use SSL connections by default when you invoke MySQL client programs. To use an unencrypted connection instead, invoke the client program with --skip-ssl on the command line to override the options in the option file.

Use of --ssl does not require an SSL connection to be used; it only permits it. For example, if you specify this option for a client program but the server has not been configured to permit SSL connections, an unencrypted connection is used.

The secure way to require use of an SSL connection is to create a MySQL account that includes at least a REQUIRE SSL clause in the GRANT statement. In this case, connections for that account will be rejected unless MySQL supports SSL connections and the server and client have been started with the proper SSL options.
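
The following is an added example, not part of the MySQL manual, that contrasts an account that merely permits SSL with one that requires it, then audits and verifies the result. The account name, host pattern, schema name and password are placeholders.

```sql
-- Added example. 'report_ro', '10.0.0.%', appdb and the password are
-- placeholders; substitute your own values.

-- 1. Confirm the server has SSL support enabled (have_ssl appears in
--    Table 6.8). YES means SSL connections are permitted; DISABLED means
--    the server was built with SSL support but started without the
--    --ssl-xxx options.
SHOW VARIABLES LIKE 'have_ssl';

-- 2. Weak: no REQUIRE clause. A client that passes --ssl-ca may get an
--    encrypted session, but a client that passes --skip-ssl (or no SSL
--    options at all) is accepted over an unencrypted connection.
GRANT SELECT ON appdb.* TO 'report_ro'@'10.0.0.%'
  IDENTIFIED BY 'replace-with-a-strong-password';

-- 3. Corrected: add REQUIRE SSL so the server rejects unencrypted
--    connections for this account regardless of client options.
--    GRANT USAGE changes only the REQUIRE attribute and leaves the
--    existing privileges and password untouched.
GRANT USAGE ON *.* TO 'report_ro'@'10.0.0.%' REQUIRE SSL;

-- 4. Audit: list every account that still accepts unencrypted
--    connections. An empty ssl_type means no REQUIRE clause is set;
--    'ANY' corresponds to REQUIRE SSL.
SELECT User, Host, ssl_type
  FROM mysql.user
 WHERE ssl_type = ''
 ORDER BY User, Host;

-- 5. Verify from inside a client session that the current connection
--    is encrypted: a non-empty Value means SSL is in use, an empty
--    Value means the session is unencrypted.
SHOW STATUS LIKE 'Ssl_cipher';
```

Run step 4 periodically: any account it returns can still be reached over an unencrypted connection, whatever the client option files say.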

The REQUIRE clause permits other SSL-related restrictions as well. These can be used for stricter requirements than REQUIRE SSL. The description of REQUIRE in Section 13.7.1.3, “GRANT Syntax”,