<ul><li>TLS, the successor of SSL, is used for encrypting traffic and authenticating connections like in HTTPS.</li><li>While HTTPS starts TLS at the beginning, MySQL's TLS starts with negotation after client and server connection.</li><li>Challenges with MySQL TLS include server certificates not being signed by known CAs and difficulty in obtaining certificates for internal hostnames.</li><li>MySQL supports mutual-TLS authentication, but getting certificates from proper CAs can be complex.</li><li>Default SSL mode in MySQL has security implications, with various levels of encryption and validation.</li><li>MySQL's handshake process makes it challenging for proxies and load balancers to support TLS offloading.</li><li>Long-lived connections in MySQL require re-authentication and handling of session-specific data upon connection interruptions.</li><li>Oracle MySQL has made improvements in TLS integration, including default TLS usage, OpenSSL adoption, and simplified certificate setup.</li><li>Overall, while MySQL has faced challenges with TLS implementation, efforts have been made to enhance security and ease of use.</li></ul>

Why TLS for MySQL is difficult

Discover more