Help Center> Document Database Service> User Guide> Data Security> Enabling or Disabling SSL
Updated on 2023-12-13 GMT+08:00
View PDF

Enabling or Disabling SSL

Secure Socket Layer (SSL) is an encryption-based Internet security protocol for establishing an encrypted link between a server and a client. It provides privacy, authentication, and integrity to Internet communications.

  • Authenticates users and servers, ensuring that data is sent to the correct clients and servers.
  • Encrypts data to prevent it from being intercepted during transfer.
  • Ensures data integrity during transmission.

After SSL is enabled, you can establish an encrypted connection between your client and the instance you want to access to improve data security.

Precautions

  • Enabling or disabling SSL will cause instances to restart. Exercise caution when performing this operation.

    When you enable or disable SSL, DDS will restart once. During the restart, each node will be intermittently disconnected for about 30 seconds. You are advised to enable or disable SSL during off-peak hours and ensure that your applications support automatic reconnection.

  • If SSL is enabled, you can connect to a database using SSL, which is more secure.
    Currently, insecure encryption algorithms are disabled. The following table lists the supported TLS versions and cipher suites.

    Version

    TLS Version

    Cipher Suites

    3.4

    TLS 1.2

    AES256-GCM-SHA384 AES128-GCM-SHA256

    4.0

    TLS 1.2

    DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256

    The server where the client is located must support the corresponding TLS version and encryption algorithm suite. Otherwise, the connection fails.

  • If SSL is disabled, you can connect to a database using an unencrypted connection.

Enabling SSL

  1. Log in to the management console.
  2. Click in the upper left corner and select a region and a project.
  3. Click in the upper left corner of the page and choose Databases > Document Database Service.
  4. On the Instances page, click the target DB instance.
  5. In the DB Information area on the Basic Information page, click next to the SSL field.

    Figure 1 Enabling SSL

    Alternatively, in the navigation pane on the left, choose Connections. In the Basic Information area, click next to the SSL field.

    Figure 2 Enabling SSL

  6. In the displayed dialog box, click Yes.
  7. In the Basic Information area, view the modification result.

    Figure 3 SSL enabled

  8. After SSL is enabled, click next to SSL to download an SSL certificate.

    For details about how to connect to an instance using SSL, refer to the following content:

Disabling SSL

  1. Log in to the management console.
  2. Click in the upper left corner and select a region and a project.
  3. Click in the upper left corner of the page and choose Databases > Document Database Service.
  4. On the Instances page, click the target DB instance.
  5. In the DB Information area on the Basic Information page, click next to the SSL field.

    Figure 4 Disabling SSL

    Alternatively, in the navigation pane on the left, choose Connections. In the Basic Information area, click next to the SSL field.

    Figure 5 Disabling SSL

  6. In the displayed dialog box, click Yes.
  7. In the Basic Information area, view the modification result.

    Figure 6 SSL disabled

  8. Connect to an instance using an unencrypted connection.

    For details, refer to the following content:

Parent topic: Data Security