From 19afbfcfd650c9aa98583618ad5adb146f22e8d6 Mon Sep 17 00:00:00 2001 From: Yang Keao Date: Tue, 23 Jan 2024 16:07:27 +0800 Subject: [PATCH] remove support for tls 1.1 and 1.0 Signed-off-by: Yang Keao --- enable-tls-between-clients-and-servers.md | 4 +--- tidb-configuration-file.md | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/enable-tls-between-clients-and-servers.md b/enable-tls-between-clients-and-servers.md index 34724f5cfbb93..c0cae8ffc4f02 100644 --- a/enable-tls-between-clients-and-servers.md +++ b/enable-tls-between-clients-and-servers.md 
@@ -8,7 +8,7 @@ aliases: ['/docs/dev/enable-tls-between-clients-and-servers/','/docs/dev/how-to/ Non-encrypted connection between TiDB's server and clients is allowed by default, which enables third parties that monitor channel traffic to know the data sent and received between the server and the client, including query content and query results. If a channel is untrustworthy (such as if the client is connected to the TiDB server via a public network), then a non-encrypted connection is prone to information leakage. In this case, for security reasons, it is recommended to require an encrypted connection. -The TiDB server supports the encrypted connection based on the TLS (Transport Layer Security). The protocol is consistent with MySQL encrypted connections and is directly supported by existing MySQL clients such as MySQL Client, MySQL Shell and MySQL drivers. TLS is sometimes referred to as SSL (Secure Sockets Layer). Because the SSL protocol has [known security vulnerabilities](https://en.wikipedia.org/wiki/Transport_Layer_Security), TiDB does not support SSL. TiDB supports the following protocols: TLSv1.0, TLSv1.1, TLSv1.2 and TLSv1.3. +The TiDB server supports the encrypted connection based on the TLS (Transport Layer Security). The protocol is consistent with MySQL encrypted connections and is directly supported by existing MySQL clients such as MySQL Client, MySQL Shell and MySQL drivers. TLS is sometimes referred to as SSL (Secure Sockets Layer). Because the SSL protocol has [known security vulnerabilities](https://en.wikipedia.org/wiki/Transport_Layer_Security), TiDB does not support SSL. TiDB supports the following protocols: TLSv1.2 and TLSv1.3. When an encrypted connection is used, the connection has the following security properties: @@ -131,8 +131,6 @@ The crypto policy for your operating system and the client library you are using ### Supported TLS versions -- TLSv1.0 (disabled by default) -- TLSv1.1 (disabled by default) - TLSv1.2 - TLSv1.3 
diff --git a/tidb-configuration-file.md b/tidb-configuration-file.md index fdcc6b87584ee..9fd74d81ba6e3 100644 --- a/tidb-configuration-file.md +++ b/tidb-configuration-file.md @@ -415,7 +415,7 @@ Configuration items related to security. - Set the minimum TLS version for MySQL Protocol connections. - Default value: "", which allows TLSv1.2 or higher. Before TiDB v7.6.0, the default value allows TLSv1.1 or higher. -- Optional values: `"TLSv1.0"`, `"TLSv1.1"`, `"TLSv1.2"` and `"TLSv1.3"` +- Optional values: `"TLSv1.2"` and `"TLSv1.3"`. Before TiDB v8.0.0, `"TLSv1.0"` and `"TLSv1.1"` are also allowed. ### `auth-token-jwks` New in v6.4.0
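Review bot: The rewritten protocol sentence in the `@@ -8,7 +8,7 @@` hunk of `enable-tls-between-clients-and-servers.md` now reads "TiDB supports the following protocols: TLSv1.2 and TLSv1.3." with no version boundary, while the `tidb-configuration-file.md` change in this same patch says `"TLSv1.0"` and `"TLSv1.1"` are allowed before TiDB v8.0.0. Suggest stating the same boundary in this sentence, for example "Starting from v8.0.0, TiDB supports only TLSv1.2 and TLSv1.3", so the two pages agree and the change is visible to someone reading only this page.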
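Review bot: In the `@@ -131,8 +131,6 @@` hunk of `enable-tls-between-clients-and-servers.md`, the two removed entries under "Supported TLS versions" were marked "(disabled by default)", which told readers they could be turned on; after the change the list says nothing about them. Suggest adding one line below the list stating that TLSv1.0 and TLSv1.1 can no longer be enabled and that a client able to negotiate only those versions will fail the TLS handshake. The context line just above the heading already points readers at the client library and operating system crypto policy, so this is where that consequence belongs.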
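Review bot: The new "Optional values" line in the `@@ -415,7 +415,7 @@` hunk of `tidb-configuration-file.md` does not say what happens when an existing configuration file still sets this item to `"TLSv1.0"` or `"TLSv1.1"` after an upgrade to v8.0.0 or later. Suggest documenting the actual behaviour (whether the value is rejected or treated as a higher minimum) so operators know whether the file must be edited before upgrading. The unchanged "Default value" line above it already carries a v7.6.0 boundary, so a short upgrade note covering both boundaries would fit here.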