Help Center/ Relational Database Service_RDS for MySQL/ User Guide/ Security and Encryption/ Configuring an SSL Connection
Updated on 2025-08-20 GMT+08:00
View PDF
Share

Configuring an SSL Connection

Secure Socket Layer (SSL) is an encryption-based Internet security protocol for establishing an encrypted link between a server and a client. It provides authenticated Internet connections to ensure the privacy and integrity of online communications. SSL:

  • Authenticates users and servers, ensuring that data is sent to the correct clients and servers.
  • Encrypts data, preventing it from being intercepted during transmission.
  • Ensures data integrity during transmission.

Clients using versions earlier than 5.1 have SSL compatibility issues. By default, SSL is disabled for new RDS for MySQL instances. If your client has no SSL compatibility issues, you can enable SSL by referring to Enabling SSL. Enabling SSL will increase the network connection response time and CPU resource consumption. Before enabling it, evaluate any potential impacts on service performance. If a client cannot connect to the DB instance due to compatibility issues, upgrade the client and try again.

You can connect to a DB instance through a client using an SSL or non-SSL connection.

  • If SSL is disabled (default), use a non-SSL connection.
  • If SSL is enabled, use an SSL connection. SSL encrypts connections to the instance, making in-transit data more secure.

Constraints

  • Enabling or disabling SSL will cause instances to reboot and interrupt connections. Exercise caution when performing this operation.
  • You are advised to use the ECDHE-RSA-AES128-GCM-SHA256/ECDHE-RSA-AES256-GCM-SHA384/DHE-RSA-AES128-GCM-SHA256/DHE-RSA-AES256-GCM-SHA384 cipher suite. Submit a service ticket to configure the ssl_cipher parameter.

Procedure

  1. Click in the upper left corner and select a region.
  2. Click in the upper left corner of the page and choose Databases > Relational Database Service.
  3. On the Instances page, click the target instance name.
  4. On the Overview page, find SSL and click Enable.
  5. In the displayed dialog box, click OK.
  6. After a while, check the SSL status on the Overview page. It is enabled.
  1. Click in the upper left corner and select a region.
  2. Click in the upper left corner of the page and choose Databases > Relational Database Service.
  3. On the Instances page, click the target instance name.
  4. On the Overview page, find SSL and click Disable.
  5. In the displayed dialog box, click OK.
  6. After a while, check the SSL status on the Overview page. It is disabled.
Parent Topic: Security and Encryption