MySQL Variables ssl_cipher 数据库 参数变量解释及正确配置使用
本站中文解释
SSL_CIPHER用于控制MySQL服务器上可以支持的TLS/SSL加密套件组合。在默认情况下,MySQL将使用TLS v1.0以后的标准协议和高强度加密机制,其中包括ECDHE-RSA-AES256-GCM-SHA384和DHE-RSA-AES256-GCM-SHA384等。考虑到安全性和性能,您可以根据实际情况仅包含最佳加密套件并极大地减少SSL_CIPHER。若要设置SSL_CIPHER,您可以编辑的MySQL配置文件my.cnf,添加ssl-cipher参数,例如ssl-cipher=ECDHE-RSA-AES256-GCM-SHA384 。
官方英文解释
ssl_cipher
| Command-Line Format | --ssl-cipher=name |
|---|---|
| System Variable | ssl_cipher |
| Scope | Global |
| Dynamic | No |
| Type | String |
| Default Value | NULL |
The list of permissible ciphers for connection encryption. If
no cipher in the list is supported, encrypted connections do
not work.
For greatest portability, the cipher list should be a list of
one or more cipher names, separated by colons. This format is
understood both by OpenSSL and yaSSL. The following example
shows two cipher names separated by a colon:
[mysqld] ssl_cipher="DHE-RSA-AES128-GCM-SHA256:AES128-SHA"
OpenSSL supports a more flexible syntax for specifying
ciphers, as described in the OpenSSL documentation at
https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html.
yaSSL does not, so attempts to use that extended syntax fail
for a MySQL distribution compiled using yaSSL.
For information about which encryption ciphers MySQL supports,
see Section 6.3.2, “Encrypted Connection TLS Protocols and Ciphers”.
