Oracle 5.0 Reference Manual page 627

from a slave replication server to a master server; see
Options and Variables".)
Table 6.8. SSL Option/Variable Summary
Name Cmd-Line
have_openssl [455]
have_ssl [455]
skip-ssl [607] Yes
ssl [607] Yes
ssl-ca [608] Yes
- Variable: ssl_ca
ssl- Yes
capath [608]
- Variable:
ssl_capath
ssl-cert [608] Yes
- Variable:
ssl_cert
ssl-cipher [608] Yes
- Variable:
ssl_cipher
ssl-key [608] Yes
- Variable:
ssl_key
• [607]
--ssl
For the server, this option specifies that the server permits SSL connections. For a client program, it
permits the client to connect to the server using SSL, but this option is not sufficient in itself to cause
an SSL connection to be used. As a recommended set of options to enable SSL connections, use at
least [608]
--ssl-cert
client side.
[607] is implied by other
--ssl
options. For this reason,
explicitly in its opposite form to override other SSL options and indicate that SSL should not be used.
To do this, specify the option as
have SSL options specified in the
default when you invoke MySQL client programs. To use an unencrypted connection instead, invoke
the client program with
option file.
Use of [607]
--ssl
if you specify this option for a client program but the server has not been configured to permit SSL
connections, an unencrypted connection is used.
The secure way to require use of an SSL connection is to create a MySQL account that includes at
least a
REQUIRE SSL
be rejected unless MySQL supports SSL connections and the server and client have been started
with the proper SSL options.
The clause permits other SSL-related restrictions as well. These can be used for stricter
REQUIRE
requirements than
REQUIRE
Using SSL for Secure Connections
Option file
Yes
Yes
Yes
Yes
Yes
Yes
Yes
and [608]
--ssl-key
--ssl-xxx
[607] is not usually specified explicitly. It is more often used
--ssl
--skip-ssl
[client]
[607]
--skip-ssl
does not require an SSL connection to be used, it only permits it. For example,
clause in the
GRANT
SSL. The description of
607
Section 16.1.2, "Replication and Binary Logging
System Var Status Var
Yes
Yes
Yes
Yes
Yes
Yes
Yes
on the server side and
options as indicated in the descriptions for those
[607] or [607]. For example, you might
--ssl=0
group of your option file to use SSL connections by
on the command line to override the options in the
statement. In this case, connections for that account will
in
REQUIRE
Var Scope Dynamic
Global No
Global No
Global No
Global No
Global No
Global No
Global No
Global No
Global No
Global No
Global No
Global No
[608] on the
--ssl-ca
Section 13.7.1.3, "GRANT Syntax",