config: set the default value of auto_tls to false #27486
Conversation
|
[REVIEW NOTIFICATION] This pull request has been approved by:
To complete the pull request process, please ask the reviewers in the list to review by filling The full list of commands accepted by this bot can be found here. Reviewer can indicate their review by submitting an approval review. |
ti-chi-bot
added
release-note-none
There was a problem hiding this comment.
First a practical issue: This causes TestConfig to fail:
[2021-08-23T06:21:19.441Z] Diff:
[2021-08-23T06:21:19.441Z] --- Expected
[2021-08-23T06:21:19.441Z] +++ Actual
[2021-08-23T06:21:19.441Z] @@ -71,3 +71,3 @@
[2021-08-23T06:21:19.441Z] EnableSEM: (bool) false,
[2021-08-23T06:21:19.441Z] - AutoTLS: (bool) false,
[2021-08-23T06:21:19.441Z] + AutoTLS: (bool) true,
[2021-08-23T06:21:19.441Z] MinTLSVersion: (string) ""
[2021-08-23T06:21:19.441Z] Test: TestConfig
[2021-08-23T06:21:19.441Z] --- FAIL: TestConfig (0.02s)
The problem here is, many of the users may not be aware if they're using a client with the encrypted connection, so we decided to set the default value of auto_tls in the code to avoid the potential performance regression while keeping it to true in the config example file.
Here the choice is between Security and Performance.
This can delay the initial startup of the server by a little. I'm not sure if this is really a problem. I expect the performance impact to be minimal when running.
I would opt to keep this enabled and allow people to turn it of if the performance impact is problematic.
Leaving this enabled would:
- Result in a secure-by-default situation. Especially for those setups where there is not enough infrastructure and/or knowledge to setup TLS.
- Result in more testing with TLS etc.
- Make it easier for people to use
caching_sha2_passwordas without TLS this won't work.
I don't think this is a very technical decision to be made. This is mostly a strategic one. I'm fine with both options, but I would prefer TLS to be on by default.
bb7133
force-pushed
the
bb7133/default_autotls
branch
from
9a86520 to
2f4b4f3
Compare
|
@dveeden Thanks for your comment.
The default behavior TiDB when upgrading should be kept as before, so we don't want to make it changed. For the new cluster, it will be enabled since the configuration file is |
ti-chi-bot
added
the
needs-rebase
bb7133
force-pushed
the
bb7133/default_autotls
branch
from
2f4b4f3 to
2a46786
Compare
ti-chi-bot
removed
the
needs-rebase
bb7133
added
the
needs-cherry-pick-release-5.3
ti-chi-bot
added
status/LGT2
|
/merge |
|
This pull request has been accepted and is ready to merge. Commit hash: ef8ce37
|
ti-chi-bot
added
the
status/can-merge
Signed-off-by: ti-srebot <[email protected]>
|
cherry pick to release-5.2 in PR #29471 |
Signed-off-by: ti-srebot <[email protected]>
|
cherry pick to release-5.3 in PR #29472 |
What is changed and how it works?
What's Changed:
As described in the title, we would set the default value of
auto_tlstofalsefor compatibility with earlier releases:In #24141 the 'automatical creation of TLS certificates' is introduced for the consideration of MySQL's default behavior. However, when the client specifies to use an encrypted connection(the default behavior for most clients/connectors), a performance regression can be noticed.
The problem here is, many of the users may not be aware if they're using a client with the encrypted connection, so we decided to set the default value of
auto_tlsin the code to avoid the potential performance regression while keeping it totruein the config example file.However, the value in the config example file will be kept to
trueso that it is recommended(mostly for new clusters).Check List
Tests
Start a new TiDB with a configuration that does not contain
auto_tls, and confirm that the default value isfalse.Documentation
Release note