From 0ca50a61241001a2b8bb74f562726f126bb51074 Mon Sep 17 00:00:00 2001 From: YangKeao Date: Wed, 28 Feb 2024 16:50:01 +0800 Subject: [PATCH] remove support for tls 1.1 and 1.0 (#16221) --- enable-tls-between-clients-and-servers.md | 4 +--- tidb-configuration-file.md | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/enable-tls-between-clients-and-servers.md b/enable-tls-between-clients-and-servers.md index 30e6b8dd25645..3e47532a9bb88 100644 --- a/enable-tls-between-clients-and-servers.md +++ b/enable-tls-between-clients-and-servers.md 
@@ -8,7 +8,7 @@ aliases: ['/docs/dev/enable-tls-between-clients-and-servers/','/docs/dev/how-to/ By default, TiDB allows insecure connections between the server and clients. This enables third parties that monitor channel traffic to know and possibly modify the data sent and received between the server and the client, including query content and query results. If a channel is untrustworthy (such as if the client is connected to the TiDB server via a public network), an insecure connection is prone to information leakage. In this case, for security reasons, it is recommended to require a connection that is secured with TLS. -The TiDB server supports secure connections based on the TLS (Transport Layer Security) protocol. The protocol is consistent with MySQL secure connections and is directly supported by existing MySQL clients such as MySQL Client, MySQL Shell and MySQL drivers. TLS is sometimes referred to as SSL (Secure Sockets Layer). Because the SSL protocol has [known security vulnerabilities](https://en.wikipedia.org/wiki/Transport_Layer_Security), TiDB does not support SSL. TiDB supports the following protocols: TLSv1.0, TLSv1.1, TLSv1.2 and TLSv1.3. +The TiDB server supports secure connections based on the TLS (Transport Layer Security) protocol. The protocol is consistent with MySQL secure connections and is directly supported by existing MySQL clients such as MySQL Client, MySQL Shell and MySQL drivers. TLS is sometimes referred to as SSL (Secure Sockets Layer). Because the SSL protocol has [known security vulnerabilities](https://en.wikipedia.org/wiki/Transport_Layer_Security), TiDB does not support SSL. TiDB supports the following protocols: TLSv1.2 and TLSv1.3. When a TLS secured connection is used, the connection has the following security properties: 
@@ -138,8 +138,6 @@ The crypto policy for your operating system and the client library you are using ### Supported TLS versions -- TLSv1.0 (disabled by default) -- TLSv1.1 (disabled by default) - TLSv1.2 - TLSv1.3 diff --git a/tidb-configuration-file.md b/tidb-configuration-file.md index e1894d514868e..35ec304fd08a3 100644 --- a/tidb-configuration-file.md +++ b/tidb-configuration-file.md @@ -419,7 +419,7 @@ Configuration items related to security. - Set the minimum TLS version for MySQL Protocol connections. - Default value: "", which allows TLSv1.2 or later versions. Before TiDB v7.6.0, the default value allows TLSv1.1 or later versions. -- Optional values: `"TLSv1.0"`, `"TLSv1.1"`, `"TLSv1.2"` and `"TLSv1.3"` +- Optional values: `"TLSv1.2"` and `"TLSv1.3"`. Before TiDB v8.0.0, `"TLSv1.0"` and `"TLSv1.1"` are also allowed. ### `auth-token-jwks` New in v6.4.0
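Review bot: the rewritten sentence "TiDB supports the following protocols: TLSv1.2 and TLSv1.3." in the first hunk of enable-tls-between-clients-and-servers.md has no version qualifier, while the tidb-configuration-file.md hunk in this same patch states that `"TLSv1.0"` and `"TLSv1.1"` are allowed before TiDB v8.0.0. A reader on an earlier release gets two different answers from the two pages. Suggest adding a matching "Before TiDB v8.0.0, ..." sentence after the protocol list here so both documents agree.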
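Review bot: in the "Supported TLS versions" hunk (@@ -138,8 +138,6 @@), the two removed entries were marked "(disabled by default)", which means some deployments may have enabled them explicitly, and the list now gives no sign that they ever existed. The context line just above is about the operating system crypto policy and the client library, so this section is where someone troubleshooting a failed handshake from an older client will look. Suggest a one-line note under the list saying that TLSv1.0 and TLSv1.1 are no longer available and that clients must negotiate TLSv1.2 or later.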
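Review bot: the new "Optional values" line in the tidb-configuration-file.md hunk does not say what happens after an upgrade when an existing configuration still sets the minimum TLS version to `"TLSv1.0"` or `"TLSv1.1"`. The doc should state whether the server rejects the value at startup or treats it as TLSv1.2, since that decides whether the upgrade is breaking for those deployments. The unchanged "Default value" line already carries a "Before TiDB v7.6.0" note, so the entry now has two version cutoffs; a short sentence tying them together (default raised in v7.6.0, old values removed in v8.0.0) would make it easier to read.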