MySQL 5.7 Reference Manual

19.4.1 Using Encrypted Connections with X Plugin

This section explains how to configure X Plugin to use encrypted connections. For more background information, see Section 6.3, “Using Encrypted Connections”.

To enable configuring support for encrypted connections, X Plugin has mysqlx_ssl_xxx system variables, which can have different values from the ssl_xxx system variables used with MySQL Server. For example, X Plugin can have SSL key, certificate, and certificate authority files that differ from those used for MySQL Server. These variables are described at Section 19.4.2.2, “X Plugin Options and System Variables”. Similarly, X Plugin has its own Mysqlx_ssl_xxx status variables that correspond to the MySQL Server encrypted-connection Ssl_xxx status variables. See Section 19.4.2.3, “X Plugin Status Variables”.

At initialization, X Plugin determines its configuration for encrypted connections as follows:

  • If all mysqlx_ssl_xxx system variables have their default values, X Plugin configures encrypted connections using the values of the MySQL Server ssl_xxx system variables.

  • If any mysqlx_ssl_xxx variable has a nondefault value, X Plugin configures encrypted connections using the values of its own system variables. (This is the case if any mysqlx_ssl_xxx system variable is set to a value different from its default.)

This means that, on a server with X Plugin enabled, you can choose to have MySQL Protocol and X Protocol connections share the same encryption configuration by setting only the ssl_xxx variables, or have separate encryption configurations for MySQL Protocol and X Protocol connections by configuring the ssl_xxx and mysqlx_ssl_xxx variables separately.

To have MySQL Protocol and X Protocol connections use the same encryption configuration, set only the ssl_xxx system variables in my.cnf:

[mysqld]
ssl_ca=ca.pem
ssl_cert=server-cert.pem
ssl_key=server-key.pem

To configure encryption separately for MySQL Protocol and X Protocol connections, set both the ssl_xxx and mysqlx_ssl_xxx system variables in my.cnf:

[mysqld]
ssl_ca=ca1.pem
ssl_cert=server-cert1.pem
ssl_key=server-key1.pem
mysqlx_ssl_ca=ca2.pem
mysqlx_ssl_cert=server-cert2.pem
mysqlx_ssl_key=server-key2.pem
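
The initialization rule above can be checked against an option file before deployment, which is useful for catching a partial override. The following Python script is an added example, not part of the MySQL manual: it assumes a mysqlx_ssl_xxx variable counts as nondefault when it appears in [mysqld] with a non-empty value, and the function names and sample option files are constructed for illustration.

```python
# Added example: which TLS settings would X Plugin use for a given my.cnf?
# Assumption: a mysqlx_ssl_xxx variable is "nondefault" when it is present in
# [mysqld] with a non-empty value. Sample option files below are constructed.

def mysqld_options(text):
    """Return {name: value} from the [mysqld] group; '-' in names becomes '_'."""
    opts, group = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":        # blank, comment, !include
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1].strip()
            continue
        if group == "mysqld":
            name, _, value = line.partition("=")
            opts[name.strip().replace("-", "_")] = value.strip().strip("'\"")
    return opts

def xplugin_tls(text):
    """Apply the initialization rule: any nondefault mysqlx_ssl_xxx wins."""
    opts = mysqld_options(text)
    own = {k: v for k, v in opts.items() if k.startswith("mysqlx_ssl_") and v}
    server = {k: v for k, v in opts.items() if k.startswith("ssl_") and v}
    if not own:
        return {"source": "ssl_xxx", "effective": server, "warnings": []}
    # X Plugin now uses only its own variables, so a server-side setting with
    # no mysqlx_ counterpart is left at its default for X Protocol.
    warnings = [f"mysqlx_{k} not set; {k}={v} does not apply to X Protocol"
                for k, v in server.items() if f"mysqlx_{k}" not in own]
    return {"source": "mysqlx_ssl_xxx", "effective": own, "warnings": warnings}

SHARED = "[mysqld]\nssl_ca=ca.pem\nssl_cert=server-cert.pem\nssl_key=server-key.pem\n"
SEPARATE = SHARED + "mysqlx_ssl_ca=ca2.pem\nmysqlx_ssl_cert=server-cert2.pem\nmysqlx_ssl_key=server-key2.pem\n"
PARTIAL = SHARED + "mysqlx-ssl-ca=ca2.pem\n"   # only the CA is overridden

if __name__ == "__main__":
    for label, cnf in (("shared", SHARED), ("separate", SEPARATE), ("partial", PARTIAL)):
        result = xplugin_tls(cnf)
        print(label, "->", result["source"], result["effective"])
        for w in result["warnings"]:
            print("  WARNING:", w)
```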

For general information about configuring connection-encryption support, see Section 6.3.1, “Configuring MySQL to Use Encrypted Connections”. That discussion is written for MySQL Server, but the parameter names are similar for X Plugin. (The X Plugin mysqlx_ssl_xxx system variable names correspond to the MySQL Server ssl_xxx system variable names.)

The tls_version system variable that determines the permitted TLS versions for MySQL Protocol connections also applies to X Protocol connections. The permitted TLS versions for both types of connections are therefore the same.

Encryption per connection is optional, but a specific user can be required to use encryption for X Protocol and MySQL Protocol connections by including an appropriate REQUIRE clause in the CREATE USER statement that creates the user. For details, see Section 13.7.1.2, “CREATE USER Statement”. Alternatively, to require all users to use encryption for X Protocol and MySQL Protocol connections, enable the require_secure_transport system variable. For additional information, see Configuring Encrypted Connections as Mandatory.