Enhancing Security of MySQL Connections using SSL certificates
Mydbops MyWebinar Edition 26
In this informative presentation by Mydbops, explore the world of database security as we delve into the steps to fortify your MySQL connections using SSL certificates. Learn about the working of SSL, the benefits of SSL/TLS encryption, the types of certificates available, and the evolution of SSL/TLS in MySQL. Discover why securing your remote connections and data confidentiality is crucial. Plus, find out how to enable SSL connections in MySQL 8.0. Don't miss this opportunity to bolster your MySQL security knowledge.
Watch the webinar recording https://youtu.be/aMSUtQVdFks
Visit our Mydbops blog https://www.mydbops.com/blog/ for further insights.
Enhancing Security of MySQL Connections using SSL certificates
1. Enhancing Security of
MySQL Connections
Presented by
Maha Lakshmi G
Mydbops
Sep 2rd, 2023
Mydbops My Webinar - 26
2. About Me
Maha Lakshmi G
● Interested in MySQL and MySQL
ecosystem, InnoDB internals and
Performance Troubleshooting
● MySQL Blogger
● Database Engineer
4. Agenda
➢ Abstract
➢ Working of SSL
➢ Benefits of enabling SSL in MySQL
➢ Types of SSL Certificates
➢ Evolution of SSL in MySQL
➢ Enabling SSL Connections (MySQL 8.0)
6. Abstract
➢ Secure Sockets Layer (SSL) is an industry-standard protocol for
securing network connections between client and server.
➢ If you want to connect to a MySQL server from a remote system, it is
recommended to secure it with SSL/TLS.
➢ Enabling SSL/TLS will encrypt the data being sent to and from the
databases ensuring the remote connections in the secured fashion.
8. Client Server
1. Hello, let’s initiate a secure SSL session
2. Hello, Here’s my encrypted public key/ certificate
Valid
or not
3. If certificate is ok, sends an encryption key(encrypted
using server’s public key) for a SSL session
5. and delivers encrypted content
with key to the client
Handshake
completes
4. Server decrypts the
key(using it’s private key)
Working of SSL
12. Types of SSL Certificates
SSL certificates (generally refer to X.509 certificates) are digital
documents that verify the authenticity of a server.
➢ Self-Signed Certificates
○ generated by the server itself using tools like OpenSSL
auto_generate_certs, sha256_password_auto_generate_rsa_keys,
caching_sha2_password_auto_generate_rsa_keys system variables controls
generation of the SSL/ RSA files
13. Types of SSL Certificates
○ CA-Signed Certificates (Also known as Publicly-Signed
Certificates)
■ signed by a publicly trusted certificate authority (CA) like
Comodo
○ Wildcard Certificates
■ secure various server instances or IP addresses using a
unified certificate authorized by CA
15. Evolution of SSL in MySQL
○ MySQL supports encrypted connections between clients and
the server using the TLS (Transport Layer Security) protocol.
○ TLS is sometimes referred to as SSL (Secure Sockets Layer)
○ But MySQL does not actually use the SSL protocol for
encrypted connections because its encryption is weak
16. Evolution of SSL/TLS in MySQL
MySQL Server
Release
TLS Protocols
Supported
>= 5.7.35
< 5.7.35
TLSv1
TLSv1.1
TLSv1.2
TLSv1.2
TLSv1.3
17. Evolution of SSL/TLS in MySQL
MySQL Server
Release
TLS Protocols
Supported
<= 8.0.15
>=8.0.26
>=8.0.16
<=8.0.25
TLSv1
TLSv1.1
TLSv1.2
TLSv1.3
¸TLSv1
TLSv1.1
TLSv1.2
TLSv1.2
TLSv1.3