Updated on 2024-03-15 GMT+08:00

Configuring an SSL Connection

Secure Socket Layer (SSL) is an encryption-based Internet security protocol for establishing an encrypted link between a server and a client. It provides authenticated Internet connections to ensure the privacy and integrity of online communications. SSL:

  • Authenticates users and servers, ensuring that data is sent to the correct clients and servers.
  • Encrypts data, preventing it from being intercepted during transmission.
  • Ensures data integrity during transmission.

Clients using versions earlier than 5.1 have SSL compatibility issues. By default, SSL is disabled for new RDS for MySQL instances. If your client has no SSL compatibility issues, you can enable SSL by referring to Enabling SSL. Enabling SSL will increase the network connection response time and CPU resource consumption. Before enabling it, evaluate any potential impacts on service performance.

You can connect to a DB instance through a non-SSL connection or an SSL connection.

  • If SSL is enabled, your connection will be more secure.
  • If SSL is disabled, you can connect to a database using a non-SSL connection.

Enabling or disabling SSL will cause DB instances to reboot and interrupt connections. Exercise caution when performing this operation.

To enhance security, the cipher suite ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, DHE-RSA-AES128-GCM-SHA256, or DHE-RSA-AES256-GCM-SHA384 is recommended for SSL connection. To use these cipher suites, contact customer service to configure the ssl_cipher parameter.

Enabling SSL

  1. Log in to the management console.
  2. Click in the upper left corner and select a region and a project.
  3. Click in the upper left corner of the page and choose Databases > Relational Database Service.
  4. On the Instances page, click the target DB instance.
  5. In the DB Information area on the Basic Information page, click next to the SSL field.
  6. In the displayed dialog box, click OK.
  7. Wait for some seconds and check that SSL has been enabled on the Basic Information page.

Disabling SSL

  1. Log in to the management console.
  2. Click in the upper left corner and select a region and a project.
  3. Click in the upper left corner of the page and choose Databases > Relational Database Service.
  4. On the Instances page, click the target DB instance.
  5. In the DB Information area on the Basic Information page, click next to the SSL field.
  6. In the displayed dialog box, click OK.
  7. Wait for some seconds and check that SSL has been disabled on the Basic Information page.