My question is: I have not provided any client SSL certificates while connecting to the MySQL server, but it connected and SSL is enabled. How is this possible?
The way SSL/TLS works in 5.7 and 8.0 changed. In summary, there is a TLS negotiation much like how web browsers work, so you no longer need to have the certificates on each machine unless you want to fully verify the X509 path within the certificate.
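An added example, not part of the original thread: SQL to check what the answer above describes (a session encrypted with TLS although the client supplied no certificates) and to require client certificates where that is wanted. The account `'app_user'@'%'` is a hypothetical placeholder, and `SET PERSIST` is 8.0 syntax (use `SET GLOBAL` on 5.7).

```sql
-- 1. Is the current session encrypted? A non-empty value means TLS was
--    negotiated, even though the client presented no certificate or key.
SHOW SESSION STATUS LIKE 'Ssl_cipher';
SHOW SESSION STATUS LIKE 'Ssl_version';

-- 2. Audit all connected sessions: an empty tls_cipher means plaintext.
SELECT t.PROCESSLIST_ID   AS conn_id,
       t.PROCESSLIST_USER AS account_user,
       t.PROCESSLIST_HOST AS client_host,
       s.VARIABLE_VALUE   AS tls_cipher
FROM performance_schema.threads AS t
JOIN performance_schema.status_by_thread AS s
  ON s.THREAD_ID = t.THREAD_ID
WHERE s.VARIABLE_NAME = 'Ssl_cipher'
  AND t.TYPE = 'FOREGROUND';

-- 3. What does each account demand at login?
--    ssl_type: ''          no TLS requirement
--              'ANY'       REQUIRE SSL  (encrypted, no client certificate)
--              'X509'      REQUIRE X509 (valid client certificate needed)
--              'SPECIFIED' REQUIRE ISSUER / SUBJECT / CIPHER
SELECT user, host, ssl_type FROM mysql.user;

-- 4. Refuse unencrypted TCP connections server-wide.
SET PERSIST require_secure_transport = ON;

-- 5. Per account: encryption only, no client certificate needed ...
ALTER USER 'app_user'@'%' REQUIRE SSL;

-- ... or require a client certificate signed by the CA the server trusts.
--    Only with this setting must ca.pem plus the client cert and key be
--    present on the connecting machine.
ALTER USER 'app_user'@'%' REQUIRE X509;

-- Caveat: none of the above makes the client check the server's identity.
-- That is a client-side option, for example the mysql client's
-- --ssl-mode=VERIFY_CA together with --ssl-ca=ca.pem.
```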
Hi @matthewb, thanks for your answers. Can you say how to connect to Percona XtraDB Cluster nodes from a Spring Boot application with SSL?
I don’t know what spring boot is, but in general, copy the ca.pem and the client key and cert files from /var/lib/mysql to the application server and use those when you make the connection.
Thanks @matthewb for your reply. Can you help me with one thing? I want to enable frontend encryption to ProxySQL. I enabled it.
And from a remote machine I am trying to connect to ProxySQL.
Can you tell me the command or any source on how to connect to ProxySQL with SSL?
You need to load SSL certificates into proxysql and configure the proxysql variables. ProxySQL can use different certificates for frontend and backend. Frontend must be explicitly configured.
Hi @matthewb, I am facing one issue in Percona XtraDB Cluster.
I made a cluster with 3 nodes; all nodes are synced and working fine.
But in the logs I can see
After some time one of my nodes is getting disconnected from the cluster.
Can you help me to solve this?
Note: I am using ProxySQL as load balancer.
A quick Google search found this: Truncate long connection attributes · Issue #3501 · sysown/proxysql · GitHub
You may need to upgrade ProxySQL to the absolute latest version.
Hi @matthewb, thanks for your reply. Now I have actually shifted to HAProxy and turned off ProxySQL. But still in the MySQL logs I can see the same error: [connection attributes of length 571 were truncated(77 bytes lost) for connection …]
Can anyone help me in solving this?
HAProxy is not as feature-rich/powerful as ProxySQL and I recommend you switch back to ProxySQL 2.0. I use ProxySQL 2.* along with PXC 8.* in our training classes, fully SSL everywhere, with no issues.