Proxsql Front-end connection

Hi, I am new to proxysql. Could anyone share the documentation for changing cipher in proxysql front-end connections ?

By Default DHE-RSA-AES256-SHA cipher used. I would like to enable TLSV1.2 cipher.

Any leads would be really helpful.
Thanks ahead!

1 Like

Hello, you should read this blog series SSL Encryption at ProxySQL Part 1 - ProxySQL

1 Like

Thanks for the prompt response. I have checked this doc where cipher for back-end connections are mentioned.
I would like to enable SSL for front-end connections with TLSV1.2 ciphers.

1 Like

I am assuming you tried changing:

ssl_p2s_cipher

I am not sure if you can use different cyphers for frontend and backend connections if that’s the question

1 Like

I need to enable SSL only for front-end connections. Sharing the configuration for better clarity.

+----------------------+-------------------------------+
| variable_name        | variable_value                |
+----------------------+-------------------------------+
| mysql-ssl_p2s_cipher | ECDHE-ECDSA-AES256-GCM-SHA384 |
+----------------------+-------------------------------+
1 row in set (0.00 sec)

Used the below command to confirm the cipher used.

mysql/bin/mysql -uadmin -p -P6032 -h127.0.0.1 -e '\s' | grep -P 'SSL|Connection'
Connection id:		1441
SSL:			Cipher in use is DHE-RSA-AES256-SHA
Connection:		127.0.0.1 via TCP/IP```


From this I could see only default cipher is used in front-end connections. Could anyone share the configuration to change the cipher.
1 Like

Ok, try adding this to the mysql client:

--ssl --ssl-cipher=ECDHE-ECDSA-AES256-GCM-SHA384
1 Like

Getting SSL connection error: Failed to set ciphers to use when ECDHE-ECDSA-AES256-GCM-SHA384 cipher is mentioned.

Able to connect only with default cipher.

Should I check the cert creation ?

1 Like