config: set the default value of auto_tls to false (#27486) (#29472)

pingcap · Nov 5, 2021 · 8ec9a51 · 8ec9a51
1 parent 7b068ea
commit 8ec9a51
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 3 deletions.
diff --git a/config/config.go b/config/config.go
@@ -704,7 +704,7 @@ var defaultConf = Config{
 	Security: Security{
 		SpilledFileEncryptionMethod: SpilledFileEncryptionMethodPlaintext,
 		EnableSEM:                   false,
-		AutoTLS:                     true,
+		AutoTLS:                     false,
 		RSAKeySize:                  4096,
 	},
 	DeprecateIntegerDisplayWidth: false,

diff --git a/config/config.toml.example b/config/config.toml.example
@@ -205,7 +205,9 @@ spilled-file-encryption-method = "plaintext"
 # Security Enhanced Mode (SEM) restricts the "SUPER" privilege and requires fine-grained privileges instead.
 enable-sem = false
 
-# Automatic creation of TLS certificates
+# Automatic creation of TLS certificates.
+# Setting it to 'true' is recommended because it is safer and tie with the default configuration of MySQL.
+# If this config is commented/missed, the value would be 'false' for the compatibility with TiDB versions that does not support it.
 auto-tls = true
 
 # Minium TLS version to use, e.g. "TLSv1.2"

diff --git a/config/config_test.go b/config/config_test.go
@@ -344,7 +344,8 @@ spilled-file-encryption-method = "aes128-ctr"
 	configFile = filepath.Join(filepath.Dir(localFile), "config.toml.example")
 	require.NoError(t, conf.Load(configFile))
 
-	// Make sure the example config is the same as default config.
+	// Make sure the example config is the same as default config except `auto_tls`.
+	conf.Security.AutoTLS = false
 	require.Equal(t, GetGlobalConfig(), conf)
 
 	// Test for log config.