If the connections between the client and MySQL server are not encrypted, anyone who has access to the network could inspect the data. If the client and server are in different data centers, it is recommended to use encrypted connections. By default, MySQL 8 uses an encrypted connection, but if the encrypted connection fails, it falls back to an unencrypted connection. You can test that by checking the status of the Ssl_cipher variable. If the connection is established by localhost, a cipher won't be used:
mysql> SHOW STATUS LIKE 'Ssl_cipher';
+---------------+--------------------+
| Variable_name | Value              |
+---------------+--------------------+
| Ssl_cipher    | DHE-RSA-AES256-SHA |
+---------------+--------------------+
1 row in set (0.00 sec)
If you are not using SSL, Ssl_cipher will be blank.
You can mandate some users to connect only through an encrypted connection (by specifying the REQUIRE SSL clause) and leave it as optional...
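The Ssl_cipher check and the REQUIRE SSL clause described above, combined into an audit-and-enforce sequence. This is an added example, not code from the original text; it assumes MySQL 8, and the account name 'app_remote' and its password are placeholders.

```sql
-- 1. Is the current session encrypted? A blank Ssl_cipher means plaintext.
SHOW SESSION STATUS WHERE Variable_name IN ('Ssl_cipher', 'Ssl_version');

-- 2. Which client sessions are currently unencrypted over the network?
--    connection_type is 'SSL/TLS' for encrypted TCP, 'TCP/IP' for plaintext TCP,
--    and 'Socket' for local Unix-socket connections.
SELECT processlist_user, processlist_host, connection_type
FROM performance_schema.threads
WHERE type = 'FOREGROUND'
  AND connection_type = 'TCP/IP';

-- 3. Which accounts are still allowed to connect without TLS?
--    ssl_type is empty when the account has no REQUIRE clause.
SELECT user, host, ssl_type
FROM mysql.user
WHERE ssl_type = ''
ORDER BY user, host;

-- 4. Create an account that can only connect over an encrypted connection
--    (placeholder name and password).
CREATE USER 'app_remote'@'%'
  IDENTIFIED BY 'change-me-placeholder'
  REQUIRE SSL;

-- 5. Add the same requirement to an account that already exists.
ALTER USER 'app_remote'@'%' REQUIRE SSL;

-- 6. Verify: ssl_type is 'ANY' for an account created with REQUIRE SSL.
SELECT user, host, ssl_type
FROM mysql.user
WHERE user = 'app_remote';

-- 7. Optional, server-wide: refuse unencrypted TCP connections from every
--    account. Unix-socket connections are still accepted.
SET PERSIST require_secure_transport = ON;
```

On the client side, connecting with `--ssl-mode=REQUIRED` makes the mysql client fail instead of falling back to an unencrypted connection.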