Uploaded image for project: 'Debezium'
  1. Debezium
  2. DBZ-1208

Support TLS 1.2 for MySQL

    XMLWordPrintable

Details

    • Enhancement
    • Resolution: Done
    • Critical
    • 0.9.4.Final
    • None
    • mysql-connector
    • None

    Description

      Default SSL socket factory as created in com.github.shyiko.mysql.binlog.BinaryLogClient enforces TLS v1 as it is configured in no-parametric consutrctor of com.github.shyiko.mysql.binlog.network.DefaultSSLSocketFactory.

      Debezium should

      • provide a configuration parameter that would set the TLS version to be used
      • provide alternative implementation of com.github.shyiko.mysql.binlog.BinaryLogClient.DEFAULT_REQUIRED_SSL_MODE_SOCKET_FACTORY and com.github.shyiko.mysql.binlog.BinaryLogClient.DEFAULT_VERIFY_CA_SSL_MODE_SOCKET_FACTORY that would call a paramtirzed constructor with the requested TLS version
      • use the alternative SSL socket factory via {{com.github.shyiko.mysql.binlog.BinaryLogClient.setSocketFactory(SocketFactory)}

      Attachments

        Activity

          People

            Unassigned Unassigned
            jpechane Jiri Pechanec
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: