Starting with the MySQL Community 8.0.4-RC we are unifying on OpenSSL as the default TLS/SSL library for both MySQL Enterprise Edition and MySQL Community Edition. Previously, MySQL Community Edition used YaSSL.
Why make this change?
- Community Requests – Supporting OpenSSL in the MySQL Community Edition has been one of the most frequently requested features.
- Security Updates – By dynamically linking, OpenSSL updates can be applied upon availability without requiring a MySQL upgrade or patch.
- Regulations/Validations – Many governments and organizations perform OpenSSL validation.
- Standardization, Quality of product – OpenSSL is commercial grade. OpenSSL is cross-tested with OpenSSL tools along with many other Security Infrastructure components and cryptography hooks.
- Extensibility – Supports use of OpenSSL compatible libraries, tools, and cryptographic devices/hardware engines.
- New Feature/Robust – OpenSSL continues to extend and expand its reach. With this, we can accelerate and include new security features coming from OpenSSL.
- OpenSSL Contributor – Oracle is actively contributing code and providing funding to the OpenSSL Organization.
To make this change – Additional Improvements – What was done?
- In addition to standardizing on OpenSSL, we ave also made a number of improvements including moving from statically linking to dynamically linking to OpenSSL
- Advantageous when it comes to OpenSSL related security upgrades
- Reduce the size of our package downloads, since several individual mysql command line programs and tools currently statically link to OpenSSL
- Only minor changes source were required to support dynamically linking
- With the exception of the MacOS, Windows and generic Linux packages, where the MySQL packages also include files from the OpenSSL library (. dylib /. so /. dll), for distribution-specific packages, the Operating System’s OpenSSL library is dynamically linked.
- This change is limited to MySQL Community products from version 8.0.4 and later
- No packages with builds for non-OpenSSL Libraries. Note: It should be possible to compile/use with other OpenSSL API-compatible libraries.
- Added additional permissions to MySQL Community GPLv2 license related to the OpenSSL license. For details see the product license files
Where can I read more?
- In the documentation: openSSL vs yaSSL and Encrypted Connection Protocols and Ciphers
- Note: To ensure users that using OpenSSL with community edition (and linking it dynamically) will upgrade smoothly, various functions were added. (e.g. TLSv1.2, additional block modes for AES_ENCRYPT/AES_DECRYPT, RSA key support for SHA256_PASSWORD, CRL)
We know many will be excited to see this change. Likely, many may think “what took you so long”, but thankfully the waiting is over.
We are listening to our Community, users and customers. This change to OpenSSL is based on those requests. Thank you for your valuable feedback! This input helps us determine how best to move the product forward.
Thank you for using MySQL !