Hi, I am new to proxysql. Could anyone share the documentation for changing cipher in proxysql front-end connections ?
By Default DHE-RSA-AES256-SHA cipher used. I would like to enable TLSV1.2 cipher.
Any leads would be really helpful.
Thanks ahead!
1 Like
Thanks for the prompt response. I have checked this doc where cipher for back-end connections are mentioned.
I would like to enable SSL for front-end connections with TLSV1.2 ciphers.
1 Like
I am assuming you tried changing:
ssl_p2s_cipher
I am not sure if you can use different cyphers for frontend and backend connections if that’s the question
1 Like
I need to enable SSL only for front-end connections. Sharing the configuration for better clarity.
+----------------------+-------------------------------+
| variable_name | variable_value |
+----------------------+-------------------------------+
| mysql-ssl_p2s_cipher | ECDHE-ECDSA-AES256-GCM-SHA384 |
+----------------------+-------------------------------+
1 row in set (0.00 sec)
Used the below command to confirm the cipher used.
mysql/bin/mysql -uadmin -p -P6032 -h127.0.0.1 -e '\s' | grep -P 'SSL|Connection'
Connection id: 1441
SSL: Cipher in use is DHE-RSA-AES256-SHA
Connection: 127.0.0.1 via TCP/IP```
From this I could see only default cipher is used in front-end connections. Could anyone share the configuration to change the cipher.
1 Like
Ok, try adding this to the mysql client:
--ssl --ssl-cipher=ECDHE-ECDSA-AES256-GCM-SHA384
1 Like
Getting SSL connection error: Failed to set ciphers to use
when ECDHE-ECDSA-AES256-GCM-SHA384 cipher is mentioned.
Able to connect only with default cipher.
Should I check the cert creation ?
1 Like