Planet MySQL Planet MySQL: Meta Deutsch Español Français Italiano 日本語 Русский Português 中文
Showing entries 1 to 10 of 15 5 Older Entries

Displaying posts with tag: tls (reset)

Restricting Connections to Secure Transport
Employee_Team +0 Vote Up -0Vote Down

MySQL 5.7 makes secure connections easier with streamlined key generation for both MySQL Community and MySQL Enterprise, improves security by expanding support for TLSv1.1 and TLSv1.2, and helps administrators assess whether clients are connecting securely or not with …

  [Read more...]
Simplified SSL/TLS Setup for MySQL Community
Employee_Team +1 Vote Up -0Vote Down

Transport Layer Security (TLS, also often referred to as SSL) is an important component of a secure MySQL deployment, but the complexities of properly generating the necessary key material and configuring the server dissuaded many users from completing this task.  MySQL Server 5.7 simplifies this task for both Enterprise and Community users. …

Using Connector/J with Python
+1 Vote Up -0Vote Down

With Python you would normally use MySQL Connector/Python or the older MySQLdb to connect from Python to MySQL, but there are more options.

There are also multiple Python implementations: CPython (the main implementation), PyPy, Jython and IronPython. PyPy tries to be faster than CPython by using a Just-in-Time compiler. Jython runs on the JVM and IronPython runs on the .NET CLR.

Connector/Python by default (Without the C …

  [Read more...]
The performance of TLS with MySQL Connector/Python
+0 Vote Up -0Vote Down

I've ran a simple test to see the performance impact of TLS on MySQL connections with MySQL Connector/Python

The test results are in this Jupyter notebook.

TL;DR:

  • Try to reuse connections if you use TLS
  • Establishing TLS connections is expensive (server & client)
  • Improved performance might be possible in the future by using TLS Tickets

Not tested:

  • Difference between YaSSL and OpenSSL
  • Difference between Ciphersuites
  • Performance of larger resultsets and queries
Secure Java Connections by Default
+0 Vote Up -0Vote Down

MySQL Connector/Java 5.1.38 was released earlier this week, and it includes a notable improvement related to secure connections.  Here’s how the change log describes it:

When connecting to a MySQL server 5.7 instance that supports TLS, Connector/J now prefers a TLS over a plain TCP connection.

This mirrors changes made in 5.7 to the behavior of MySQL command-line clients and libmysql client library.  Coupled with the …

  [Read more...]
SSL/TLS Improvements in MySQL 5.7.10
+1 Vote Up -0Vote Down

Secure communications is a core component of a robust security policy, and MySQL Server 5.7.10 – the first maintenance release of MySQL Server 5.7 – introduces needed improvements in this area.  Support for TLS has been expanded from TLSv1.0 to include TLSv1.1 and TLSv1.2, default ciphers have been updated, and controls have been implemented allowing both server and client-side configuration of acceptable TLS …

  [Read more...]
MySQL Connector/J 5.1.38 has been released
Employee_Team +1 Vote Up -0Vote Down

I’m pleased to announce that MySQL Connector/J 5.1.38 Maintenance Release is now generally available.

MySQL Connector/J can be downloaded from the official distribution channels MySQL Downloads and The Central repository. The commercially licensed version is available for download at My Oracle Support.

As always, we recommend that you check the CHANGES file in the …

  [Read more...]
SSL/TLS Connections to Recent MySQL Servers in Java
+0 Vote Up -0Vote Down

Recent changes to support better security by increasing strength of Diffie-Hellman cipher suites from 512-bit to 2048-bit were introduced to MySQL Server 5.7. While this change enhances security, it is an aggressive change in that 2048-bit DH ciphers are not universally supported. This has become a problem specifically for Java users, as only Java 8 JRE (currently) supports DH ciphers greater than 1024 bits. Making the problem more acute, this change was back-ported from MySQL Server 5.7 to the recent …

  [Read more...]
SSL/TLS in 5.6 and 5.5 – oCERT Advisory
+1 Vote Up -0Vote Down

Today, oCERT published advisory 2015-003 describing a TLS vulnerability in MySQL and derivative products.  The content isn’t exactly news – it is documented legacy behavior and the subject of an earlier blog post describing how MySQL Server 5.7 solves the problem.  That said, the efforts of Duo Security are certainly appreciated and welcomed – it provides a meaningful context to discuss how to properly …

  [Read more...]
Practical P_S: Which TLS ciphers are connections using?
+0 Vote Up -0Vote Down

As noted in an earlier post, MySQL Server 5.7 prefers and enables SSL/TLS connections by default.  That’s great and useful progress towards secure connections, but we know that not all SSL/TLS ciphers are created equal – some are older and more vulnerable.  Furthermore, some recent vulnerabilities rely on the ability to negotiate less-secure ciphers during the handshake.  Monitoring which ciphers are used can help identify connections using low-grade ciphers, but also to build an appropriate …

  [Read more...]
Showing entries 1 to 10 of 15 5 Older Entries

Planet MySQL © 1995, 2016, Oracle Corporation and/or its affiliates   Legal Policies | Your Privacy Rights | Terms of Use

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.