Large Scale Deployment of SSL/TLS For MySQL

Thursday 4:40 PM - 5:05 PM

@ Hill Country C


25 minutes conference


MySQL, Database Security

Deploying SSL/TLS with MySQL on thousands of servers is not without issues.

In this session I'll tell you what steps we took, what problems we hit, and how we improved various parts of the MySQL ecosystem while doing so.

To start, we go over the basics: Which TLS settings are there in MySQL and MariaDB, and how does this differ from HTTPS as used in browsers? And why do we want TLS in the first place? Are TLS and SSL the same thing?

The first set of problems is inside MySQL: YaSSL vs. OpenSSL, verification issues and reloading of certificates.

The second set of problems is inside Connectors: I'll touch on DBD::mysql (Perl), Go-MySQL-Driver, and libmysqlclient (C).
Not all connectors have the same options and defaults. I'll go into TLSv1.2 support.

The third set of problems is tools: Using the require_secure_transport option caused issues with Percona Toolkit and Orchestrator.

I'll also cover: RSA vs. EC, security issues I found, and how I wrote a proxy for MySQL.


Daniël van Eeden


Senior Database Engineer


Open Source enthusiast. Contributor to various projects in the MySQL ecosystem.


Percona Live Conferences

The Percona Live Open Source Database Conferences are the premier event for the diverse and active open source database community, as well as businesses that develop and use open source database software.
