
Support for TLS v1.1 and v1.2

Percona Server has implemented support for the TLS v1.1 and v1.2 protocols and, at the same time, disabled TLS v1.0 by default (TLS v1.0 can be re-enabled by adding TLSv1 to the tls_version variable). Support for TLS v1.1 and v1.2 was implemented by porting the tls_version variable from the 5.7 server. TLS v1.0 has been disabled because it will no longer be viable for PCI after June 30th 2016. To disable TLS v1.0 by default, the variable's default value has been changed from TLSv1,TLSv1.1,TLSv1.2 to TLSv1.1,TLSv1.2.

The client side can make TLS v1.1 and v1.2 connections, but the option to allow only some protocol versions (--tls-version, MYSQL_OPT_TLS_VERSION in the C API) has not been backported, because of compatibility concerns and because 5.7 clients can be used instead relatively easily if needed. Note: The MASTER_TLS_VERSION clause of the CHANGE MASTER TO statement has not been backported.

Version Specific Information

  • 5.5.50-38.0: Implemented support for TLS v1.1 and TLS v1.2 protocols

System Variables

variable tls_version
Version Info:
Command Line: Yes
Config File: Yes
Scope: Global
Dynamic: No
Variable Type: String
Default Value: TLSv1.1,TLSv1.2

This variable defines protocols permitted by the server for encrypted connections.
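
To check an option file against the default described above, the following added example (not Percona's code) works out the tls_version list a server would use and reports when TLS v1.0 has been re-enabled. It assumes a single option file with no !include directives and reads only the [mysqld] and [server] groups; the function names and sample files are constructed for illustration.

```python
import re

# Default stated on this page; applies when tls_version is not set.
DEFAULT_TLS_VERSION = "TLSv1.1,TLSv1.2"
KNOWN = ("TLSv1", "TLSv1.1", "TLSv1.2")
SERVER_GROUPS = ("mysqld", "server")  # option groups read by mysqld

def effective_tls_versions(cnf_text):
    """Return the tls_version list a server would take from this option file."""
    value, group = DEFAULT_TLS_VERSION, None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            group = header.group(1).strip().lower()
            continue
        name, sep, val = line.partition("=")
        # Option files accept tls-version and tls_version interchangeably.
        if (group in SERVER_GROUPS and sep
                and name.strip().lower().replace("-", "_") == "tls_version"):
            value = val.strip().strip("'\"")  # a later setting overrides an earlier one
    return [v.strip() for v in value.split(",") if v.strip()]

def audit(cnf_text):
    """Return findings; an empty list means only TLS v1.1/v1.2 are permitted."""
    versions = effective_tls_versions(cnf_text)
    findings = []
    if "TLSv1" in versions:
        findings.append("TLS v1.0 is enabled via tls_version")
    if "TLSv1.2" not in versions:
        findings.append("TLS v1.2 is not permitted")
    findings += ["unrecognized protocol name: " + v for v in versions if v not in KNOWN]
    return findings

# Constructed sample option files (not taken from any real server).
WEAK = """[mysqld]
ssl-cert = /etc/mysql/server-cert.pem
tls-version = TLSv1,TLSv1.1,TLSv1.2   # old default restored
"""
DEFAULTED = "[mysqld]\nssl-cert = /etc/mysql/server-cert.pem\n"
STRICT = "[mysqld]\ntls_version = TLSv1.2\n"

if __name__ == "__main__":
    for label, cnf in (("WEAK", WEAK), ("DEFAULTED", DEFAULTED), ("STRICT", STRICT)):
        print(label, effective_tls_versions(cnf), audit(cnf) or "ok")
```

Because tls_version is not dynamic, a change to the option file takes effect only after the server is restarted.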

variable have_tlsv1_2
Version Info:
Command Line: Yes
Config File: No
Scope: Global
Dynamic: No
Variable Type: Boolean

This server variable is set to ON if the server has been compiled with an SSL library providing TLSv1.2 support.
