3

Under the list of supported TLS cipher suites here, MySQL contains support for a number of ECDSA suites.

I tried to setup MySQL to use SSL with an ECDSA private key, but this does not appear to work:

[mysqld]
ssl-ca          = /home/subroot/root.crt
ssl-cert        = /home/subroot/server.crt
ssl-key         = /home/subroot/key.crt

I have ensured that MySQL has permissions for the above files, and yet this setup does not appear to work. SSL remains disabled, and MySQL gives an error "invalid private key in /home/subroot/key.crt".

Why does MySQL support ECDSA suites if it doesn't support ECDSA keys...? Or am I doing something wrong here?

1 Answers1

2

You are probably using MySQL 5.7 or older compiled with YaSSL support. MySQL 8.0 is by default compiled with OpenSSL and has better support for many SSL/TLS features. Alternatively you can re-compile MySQL 5.7 or older with OpenSSL support.