10bet网址
MySQL 5.7 Reference Manual
Related Documentation Download this Manual Excerpts from this Manual

2.9.6 Configuring SSL Library Support

An SSL library is required for support of encrypted connections, entropy for random number generation, and other encryption-related operations. Your system must support either OpenSSL or yaSSL:

  • MySQL Enterprise Edition binary distributions are compiled using OpenSSL. It is not possible to use yaSSL with MySQL Enterprise Edition.

  • MySQL Community Edition binary distributions are compiled using yaSSL.

  • MySQL Community Edition source distributions can be compiled using either OpenSSL or yaSSL.

Note

It is possible to compile MySQL using yaSSL as an alternative to OpenSSL only prior to MySQL 5.7.28. As of MySQL 5.7.28, support for yaSSL is removed and all MySQL builds use OpenSSL.

If you compile MySQL from a source distribution,CMakeconfigures the distribution to use the installed OpenSSL library by default.

To compile using OpenSSL, use this procedure:

  1. Ensure that OpenSSL 1.0.1 or higher is installed on your system. If the installed OpenSSL version is lower than 1.0.1,CMakeproduces an error at MySQL configuration time. If it is necessary to obtain OpenSSL, visithttp://www.openssl.org.

  2. TheWITH_SSLCMakeoption determines which SSL library to use for compiling MySQL (seeSection 2.9.7, “MySQL Source-Configuration Options”)。The default is-DWITH_SSL=system, which uses OpenSSL. To make this explicit, specify that option on theCMakecommand line. For example:

    cmake . -DWITH_SSL=system

    That command configures the distribution to use the installed OpenSSL library. Alternatively, to explicitly specify the path name to the OpenSSL installation, use the following syntax. This can be useful if you have multiple versions of OpenSSL installed, to preventCMakefrom choosing the wrong one:

    cmake . -DWITH_SSL=path_name
  3. Compile and install the distribution.

To check whether amysqldserver supports encrypted connections, examine the value of thehave_sslsystem variable:

mysql> SHOW VARIABLES LIKE 'have_ssl'; +---------------+-------+ | Variable_name | Value | +---------------+-------+ | have_ssl | YES | +---------------+-------+

If the value isYES, the server supports encrypted connections. If the value isDISABLED, the server is capable of supporting encrypted connections but was not started with the appropriate--ssl-xxxoptions to enable encrypted connections to be used; seeSection 6.3.1, “Configuring MySQL to Use Encrypted Connections”.

To determine whether a server was compiled using OpenSSL or yaSSL, check the existence of any of the system or status variables that are present only for OpenSSL. SeeSection 6.3.4, “SSL Library-Dependent Capabilities”.