TLS for MySQL at large scale
At the Wikimedia Foundation, we aim for perfect privacy of our users. That means enforcing TLS not only between our users and the datacenters (HTTPS) but also on all intermediate steps, including database access.
When you are a top-5 website with hundreds of thousands of queries per second and billions of users but a very limited budget, that is not easy, especially for MySQL. This is a description of our experience rolling out encryption, including the operational and performance pain points.
We also talk about what has changed in the ecosystem since the introduction of MySQL 8.0 and MariaDB 10.3.