MySQL Shell 8.0

4.3.4 Using Encrypted Connections

Using encrypted connections is possible when connecting to a TLS (sometimes referred to as SSL) enabled MySQL server. Much of the configuration of MySQL Shell is based on the options used by MySQL server, see Using Encrypted Connections for more information.

To configure an encrypted connection at startup of MySQL Shell, use the following command options:

Alternatively, the SSL options can be encoded as part of a URI-like connection string as part of the query element. The available SSL options are the same as those listed above, but written without the preceding hyphens. For example, ssl-ca is the equivalent of --ssl-ca.

Paths specified in a URI-like string must be percent encoded, for example:


See Connecting to the Server Using URI-Like Strings or Key-Value Pairs for more information.

To establish an encrypted connection for a scripting session in JavaScript or Python mode, set the SSL information in the connectionData dictionary. For example:

mysql-js> var session=mysqlx.getSession({host: 'localhost',
                                             user: 'root',
                                             password: 'password',
                                             ssl_ca: "path_to_ca_file",
                                             ssl_cert: "path_to_cert_file",
                                             ssl_key: "path_to_key_file"});

Sessions created using mysqlx.getSession(), mysql.getSession(), or mysql.getClassicSession() use ssl-mode=REQUIRED as the default if no ssl-mode is provided, and neither ssl-ca nor ssl-capath is provided. If no ssl-mode is provided and any of ssl-ca or ssl-capath is provided, created sessions default to ssl-mode=VERIFY_CA.

See Connecting Using Key-Value Pairs for more information.