6.3.9.2 Configuring MySQL for SSL

MySQL Community Edition is bundled with yaSSL, but can be configured to use OpenSSL when built from source distribution.

Important

MySQL Enterprise Edition is bundled with yaSSL. It is not possible to use openSSL with MySQL Enterprise Edition.

To build MySQL Community Edition with openSSL support, you must do the following:

  1. Ensure openSSL 1.0.1, or higher, is installed on your system. To obtain OpenSSL, visit http://www.openssl.org.

  2. Configure the MySQL source distribution to use openSSL by invoking CMake in the following way:

    shell> cmake . -DWITH_SSL=system
    

    That command configures the distribution to use the installed OpenSSL library. See Section 2.9.4, “MySQL Source-Configuration Options”. If you do not specify -DWITH_SSL, yaSSL is used by default.

  3. Compile and install the distribution.

To check whether a mysqld server supports SSL, examine the value of the have_ssl system variable:

mysql> SHOW VARIABLES LIKE 'have_ssl';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_ssl      | YES   |
+---------------+-------+

If the value is YES, the server supports SSL connections. If the value is DISABLED, the server is capable of supporting SSL connections but was not started with the appropriate --ssl-xxx options to enable them to be used; see Section 6.3.9.3, “Using SSL Connections”.