mysql5.7 关闭ssl
mysql5.7 编译安装的时会安装ssl,启动mysql后也会启用ssl,如果你不想启用ssl可以关闭它
如果你一开始不需要ssl,在编译安装可以不启用它。 也可以不启动ssl。 启用ssl会需要消耗一些资源,所以根据你的需求启用它
首先查看当前的mysql有没有启动ssl
复制代码
| mysql> show variables like '%ssl%'; | |
|---|---|
| Variable_name | Value |
| have_openssl | YES |
| have_ssl | YES |
| ssl_ca | ca.pem |
| ssl_capath | |
| ssl_cert | server-cert.pem |
| ssl_cipher | |
| ssl_crl | |
| ssl_crlpath | |
| ssl_key | server-key.pem |
9 rows in set (0.00 sec)
复制代码
have_ssl YES 表示是启动ssl的,可以在你的mysql的配置文件(例如/etc/my.cnf)的 [mysqld] 段添加 skip-ssl 表示跳过ssl
复制代码
[root@localhost ~]# cat /etc/my.cnf
[client]
port = 3306
socket=/data/mysql/mysql.sock
[mysqld]
port=3306
basedir=/opt/mysql
datadir=/data/mysql
socket=/data/mysql/mysql.sock
symbolic-links=0
user=mysql
pid-file=/data/mysql/mysqld.pid
log-error=/data/logs/mysql/mysqld.log
skip-ssl # 跳过ssl
[mysqld_safe]
log-error=/data/logs/mysql/mysqld.log
pid-file=/data/mysql/mysqld.pid
复制代码
然后重启mysql,在查看是否关闭了ssl
复制代码
[root@localhost ~]# service mysqld restart
Shutting down MySQL.... SUCCESS!
Starting MySQL. SUCCESS!
[root@localhost ~]#
[root@localhost ~]# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.27 Source distribution
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
| mysql> show variables like '%ssl%'; | |
|---|---|
| Variable_name | Value |
| have_openssl | DISABLED |
| have_ssl | DISABLED |
| ssl_ca | |
| ssl_capath | |
| ssl_cert | |
| ssl_cipher | |
| ssl_crl | |
| ssl_crlpath | |
| ssl_key |
9 rows in set (0.01 sec)
复制代码
可以看到have_ssl 为 DISABLED,表示已经停用了ssl。这种方法需求重启mysql,还是不太方便, 尝试修改全局变量,发现它是只读的变量
其实,这些可以通过 mysqld --verbose --help | grep ssl 帮助信息看到,多看看,而不是马上去百度。
复制代码
[root@localhost ~]# mysqld --verbose --help | grep ssl
Auto generate SSL certificates at server startup if --ssl--ssl Enable SSL for connection (automatically enabled with
(Defaults to on; use --skip-ssl to disable.)--ssl-ca=name CA file in PEM format (check OpenSSL docs, implies --ssl)
--ssl-capath=name CA directory (check OpenSSL docs, implies --ssl)
--ssl-cert=name X509 cert in PEM format (implies --ssl)
--ssl-cipher=name SSL cipher to use (implies --ssl)
--ssl-crl=name CRL file in PEM format (check OpenSSL docs, implies
--ssl)--ssl-crlpath=name CRL directory (check OpenSSL docs, implies --ssl)
--ssl-key=name X509 key in PEM format (implies --ssl)
TLSv1.2(Only for openssl)ssl FALSE
ssl-ca (No default value)
ssl-capath (No default value)
ssl-cert (No default value)
ssl-cipher (No default value)
ssl-crl (No default value)
ssl-crlpath (No default value)
ssl-key (No default value)
复制代码
暂无评论