Is it sensible to force SSL when connecting to MySQL Router via Unix socket?

227 views Asked by At

I have a standard MySQL InnoDB Cluster deployment with MySQL Routers instances (8.0.24) running on each of the applications servers. I have a script which adds a lot of data with MySQL command-line client (5.7.30); I would like it to connect via Unix socket for performance reasons.

The problem is the user the script needs to authenticate as requires SSL certificate (REQUIRE X509). And connecting via Unix socket disables SSL because it is superfluous.

I can force SSL with mysql ... --ssl-mode required which lets me in but prints the following warning:

You are enforcing ssl conection via unix socket. Please consider
switching ssl off as it does not make connection via unix socket
any more secure.

Now the question is: is the warning correct and I should adjust the configuration (of the server? the router? the client?). Or maybe the warning is wrong because the scenario (connecting to the router via Unix socket, then the router connects with MySQL via TCP) is not taken into consideration

0

There are 0 answers