TLS stands for Transport Layer Security. It is also known as SSL (Secure Sockets Layer).
When the connection between the MySQL client and the server is unencrypted, anyone with access to the network can watch all the traffic and inspect the data being sent or received between client and server. When the user needs to move information over a network securely, an unencrypted connection is not acceptable.
To make any sort of data unreadable, encryption has to be used. Encryption algorithms usually include security elements that help resist many kinds of known attacks, some of which include changing the order of encrypted messages or replaying the data twice. MySQL supports encrypted connections between clients and the server using the TLS protocol. MySQL doesn't use the SSL protocol for encrypted connections, since its encryption is weak.
TLS uses encryption algorithms to make sure that data received over a public network can be trusted. It has many ways to detect data change, loss, or replay. TLS also uses algorithms that provide identity verification with the help of the X.509 standard.
MySQL performs encryption on a per-connection basis. The encryption for a given user can be either optional or mandatory. This enables the user to choose an encrypted or unencrypted connection depending on the requirements of the application.
Let us understand how TLS can be enabled for MySQL clients:
--ssl-mode=REQUIRED: Tells the client that an encrypted connection is needed.
Authentication needs to be enabled: If the ssl-ca parameter is not specified, the client or server doesn't perform authentication by default.
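The following check is an added example, not part of the original page: it audits a client option file for the two settings above and reports whether encryption is enforced and whether the server certificate is actually verified. It goes beyond the page by also covering the VERIFY_CA and VERIFY_IDENTITY values of ssl-mode and the ssl-capath option, following the documented behaviour of the mysql client; the group names other than [client] and the CA path are constructed placeholders.

```python
import configparser

# Constructed sample option file (not from the original page).
# /path/to/ca.pem is a placeholder; group names besides [client] are hypothetical.
SAMPLE_CNF = """
[client]
ssl-mode = REQUIRED

[client-ca-ignored]
ssl-mode = REQUIRED
ssl-ca = /path/to/ca.pem

[client-verified]
ssl_mode = VERIFY_CA
ssl-ca = /path/to/ca.pem

[client-implied]
ssl-ca = /path/to/ca.pem
"""

VERIFYING_MODES = {"VERIFY_CA", "VERIFY_IDENTITY"}

def audit_section(options):
    """Return (encryption_enforced, server_verified, note) for one option group."""
    # Option names may be written with dashes or underscores; normalize to dashes.
    opts = {k.replace("_", "-"): (v or "").strip() for k, v in options.items()}
    has_ca = bool(opts.get("ssl-ca") or opts.get("ssl-capath"))
    # With no explicit ssl-mode, a CA option implies VERIFY_CA; otherwise PREFERRED.
    mode = (opts.get("ssl-mode") or ("VERIFY_CA" if has_ca else "PREFERRED")).upper()
    if mode in ("DISABLED", "PREFERRED"):
        return (False, False, f"{mode}: connection may be unencrypted")
    if mode == "REQUIRED":
        extra = "; ssl-ca is set but unused" if has_ca else ""
        return (True, False, "REQUIRED: encrypted, server certificate not verified" + extra)
    if mode in VERIFYING_MODES:
        if not has_ca:
            return (True, False, f"{mode}: needs ssl-ca or ssl-capath")
        return (True, True, f"{mode}: encrypted, server certificate verified")
    return (False, False, f"unrecognized ssl-mode: {mode}")

def audit_option_file(text):
    """Audit every option group in the file text; returns {group: result tuple}."""
    parser = configparser.ConfigParser(allow_no_value=True, interpolation=None)
    parser.read_string(text)
    return {name: audit_section(parser[name]) for name in parser.sections()}

if __name__ == "__main__":
    for group, (enc, ver, note) in audit_option_file(SAMPLE_CNF).items():
        print(f"[{group}] encrypted={enc} verified={ver} :: {note}")
```
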
To authenticate MySQL client from the server: