Configuring an SSL Connection
Secure Socket Layer (SSL) is an encryption-based Internet security protocol for establishing an encrypted link between a server and a client. It provides authenticated Internet connections to ensure the privacy and integrity of online communications. SSL:
- Authenticates users and servers, ensuring that data is sent to the correct clients and servers.
- Encrypts data, preventing it from being intercepted during transmission.
- Ensures data integrity during transmission.
Clients using versions earlier than 5.1 have SSL compatibility issues. By default, SSL is disabled for new RDS for MySQL instances. If your client has no SSL compatibility issues, you can enable SSL by referring to Enabling SSL. Enabling SSL will increase the network connection response time and CPU resource consumption. Before enabling it, evaluate any potential impacts on service performance.
You can connect to a DB instance through a client using an SSL or non-SSL connection.
- If SSL is enabled, you can connect to the instance using an SSL or non-SSL connection. The SSL connection encrypts data and is more secure.
- If SSL is disabled, you can only connect to the instance using a non-SSL connection.
Enabling or disabling SSL will cause DB instances to reboot and interrupt connections. Exercise caution when performing this operation.
To enhance security, the cipher suite ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, DHE-RSA-AES128-GCM-SHA256, or DHE-RSA-AES256-GCM-SHA384 is recommended for SSL connection.
Enabling SSL
- Log in to the management console.
- Click in the upper left corner of the page and choose Databases > Relational Database Service.
- On the Instances page, click the target DB instance.
- In the DB Information area on the Basic Information page, click next to the SSL field.
- In the displayed dialog box, click OK.
- Wait for some seconds and check that SSL has been enabled on the Basic Information page.
Disabling SSL
- Log in to the management console.
- Click in the upper left corner of the page and choose Databases > Relational Database Service.
- On the Instances page, click the target DB instance.
- In the DB Information area on the Basic Information page, click next to the SSL field.
- In the displayed dialog box, click OK.
- Wait for some seconds and check that SSL has been disabled on the Basic Information page.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.