doris
doris copied to clipboard
apache
[feature](mysql) Support secure MySQL connection to FE
Proposed changes
Issue Number: close #16313
Problem summary
Background: Doris currently does not support SSL connection from MySQL clients, it's not secure enough in some cases, especially access Doris via the public internet.
Solution:
- Use TLS1.2 protocol to encrypt information.
- Implementation details
- server <--- connect <--- client
- if enable SSL: {
- server <--- SSL connection request packet <--- client
- server <--- SSL Exchange ---> client } (we will add this
iflogic part in this PR) - server ---> handshake request packet ---> client
- server <--- encrypted data ---> client (this part will be realized in this PR)
- reference1 https://dev.mysql.com/doc/dev/mysql-server/latest/page_protocol_connection_phase.html#sect_protocol_connection_phase_initial_handshake_ssl_handshake
- reference2 https://www.rfc-editor.org/rfc/rfc5246
close #16313
Signed-off-by: Yukang Lian [email protected] Co-authored-by: Gavin Chou [email protected] Co-authored-by: morningman [email protected]
Checklist(Required)
- [ ] Does it affect the original behavior
- [ ] Has unit tests been added
- [ ] Has document been added or modified
- [ ] Does it need to update dependencies
- [ ] Is this PR support rollback (If NO, please explain WHY)
Further comments
If this is a relatively large or complex change, kick off the discussion at [email protected] by explaining why you chose the solution you did and what alternatives you considered, etc...
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
PR approved by at least one committer and no changes requested.
PR approved by at least one committer and no changes requested.