Questions about Tiproxy, TLS, and source code

Note:
This topic has been translated from a Chinese forum by GPT and might contain errors.

Original topic: Tiproxy, TLS, source code 疑问

| username: ShawnYan

It states here that TLS 1.0~1.3 is supported, with 1.2 being the default.

However, in TiDB, anything below 1.2 will trigger a warning,
https://github.com/pingcap/tidb/blob/master/util/misc.go#L499

"Minimum TLS version allows pre-TLSv1.2 protocols, this is not recommended",

Should TiProxy also include this?

| username: Billmay表妹 | Original post link

This would be fixed by util: Use TLSv1.2 as minimum TLS version by default by dveeden · Pull Request #36037 · pingcap/tidb · GitHub

| username: ShawnYan | Original post link

Raised issue here: Report warning when TLS version is below 1.2 · Issue #337 · pingcap/tiproxy · GitHub

| username: ShawnYan | Original post link

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.