Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a new "tls-mode=preferred" DSN parameter #928

Closed
wants to merge 1 commit into from
Closed

Add a new "tls-mode=preferred" DSN parameter #928

wants to merge 1 commit into from

Conversation

dweitzman
Copy link

@dweitzman dweitzman commented Mar 7, 2019
edited

Add a new "tls-mode=preferred" DSN parameter

Description

Separating "preferred" into its own parameter instead of making it a special value in the "tls=" parameter makes it possible to use custom TLS config with this mode. This is useful when clients don't need to authenticate servers using TLS but a server may or may not need to authenticate the client using TLS.

Checklist

  • Code compiles correctly
  • Created tests which fail without the change (if possible)
  • All tests passing
  • Extended the README / documentation, if necessary
  • Added myself / the copyright holder to the AUTHORS file

@methane
Copy link
Member

methane commented Mar 7, 2019

It looks very ugly. I dislike it.

I think we should support "tls-mode=false|true|preferred" and deprecate tls=preferred.

@dweitzman
Copy link
Author

That makes sense to me. I'll update the diff when I have some time.

@julienschmidt julienschmidt added this to the v1.5.0 milestone Mar 8, 2019
@dweitzman dweitzman force-pushed the allow_preferred_with_custom_cert branch 2 times, most recently from c8f10f2 to a999586 Compare March 9, 2019 18:50
@dweitzman
Copy link
Author

Updated with tls-mode=preferred. I didn't add tls-mode=required since that would be the same as tls=true. Removing tls=true would be a breaking change that probably won't happen anytime soon, and it seemed best to avoid having two ways to do the same thing.

@dweitzman dweitzman force-pushed the allow_preferred_with_custom_cert branch 2 times, most recently from aa0612a to 1c44c49 Compare March 9, 2019 19:20
@dweitzman dweitzman changed the title Allow custom TLSConfig with "tls=preferred" Add a new "tls-mode=preferred" DSN parameter Mar 9, 2019
@dweitzman
Add a new "tls-mode=preferred" DSN parameter
6d36ff0 
Separating "preferred" into its own parameter instead of making it
a special value in the "tls=" parameter makes it possible to use
custom TLS config with this mode. This is useful when clients
don't need to authenticate servers using TLS but a server may
or may not need to authenticate the client using TLS.
@dweitzman dweitzman force-pushed the allow_preferred_with_custom_cert branch from 1c44c49 to 6d36ff0 Compare March 9, 2019 22:19
@methane
Copy link
Member

methane commented Mar 11, 2019

Removing tls=true would be a breaking change that probably won't happen anytime soon, and it seemed best to avoid having two ways to do the same thing.

I don't thinks so. If we add tls-mode, we should support all configuration about tls behavior on it.
On the other hand, it's OK to add only preferred at this pull request.

Options supported by tls-mode must be same to ssl-mode in MySQL. true|false was bad idea.
https://dev.mysql.com/doc/refman/8.0/en/encrypted-connection-options.html#option_general_ssl-mode

@julienschmidt julienschmidt modified the milestones: v1.5.0, v1.6.0 Oct 13, 2019
@julienschmidt julienschmidt modified the milestones: v1.6.0, v1.7.0 Apr 1, 2021
@shogo82148
Copy link
Contributor

It is done by #1370

@shogo82148 shogo82148 closed this Nov 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
enhancement waiting for reply
Projects
None yet
Milestone
v1.7.0
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@dweitzman @methane @shogo82148 @julienschmidt