SSL/TLS connectivity in Azure Database for MySQL

Note

You are viewing the new service of Azure Database for MySQL. To view the documentation for classic MySQL Database for Azure, please visit this page.

Azure Database for MySQL supports connecting your database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against "man in the middle" attacks by encrypting the data stream between the server and your application.

SSL default settings

By default, the database service should be configured to require SSL connections when connecting to MySQL. We recommend that you avoid disabling the SSL option whenever possible.

When provisioning a new Azure Database for MySQL server through the Azure portal and CLI, enforcement of SSL connections is enabled by default.

Connection strings for various programming languages are shown in the Azure portal. Those connection strings include the required SSL parameters to connect to your database. In the Azure portal, select your server. Under the Settings heading, select Connection strings. The SSL parameter varies based on the connector, for example "ssl=true" or "sslmode=require" or "sslmode=required" and other variations.

To learn how to enable or disable SSL connections when developing an application, refer to How to configure SSL.

TLS enforcement in Azure Database for MySQL

Azure Database for MySQL supports encryption for clients connecting to your database server using Transport Layer Security (TLS). TLS is an industry standard protocol that ensures secure network connections between your database server and client applications, allowing you to adhere to compliance requirements.

TLS settings

Azure Database for MySQL provides the ability to enforce the TLS version for the client connections. To enforce the TLS version, use the Minimum TLS version option setting. The following values are allowed for this option setting:

| Minimum TLS setting | Client TLS version supported |
| --- | --- |
| TLSEnforcementDisabled (default) | No TLS required |
| TLS1_0 | TLS 1.0, TLS 1.1, TLS 1.2 and higher |
| TLS1_1 | TLS 1.1, TLS 1.2 and higher |
| TLS1_2 | TLS version 1.2 and higher |

For example, setting the Minimum TLS version to TLS 1.0 means your server will allow connections from clients using TLS 1.0, 1.1, and 1.2+. Alternatively, setting it to 1.2 means that you only allow connections from clients using TLS 1.2+, and all connections with TLS 1.0 and TLS 1.1 will be rejected.

Note

Azure Database for MySQL defaults to TLS enforcement being disabled for all new servers.

Currently the TLS versions supported by Azure Database for MySQL are TLS 1.0, 1.1, and 1.2. Once a specific Minimum TLS version is enforced, you cannot change it back to disabled.
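Because an enforced minimum cannot be set back to disabled, it helps to check which clients a new setting would lock out before applying it. The sketch below is an added example, not Microsoft's code: it models the table and the no-return rule above, and the client names, inventory and function names are constructed for illustration.

```python
from enum import IntEnum


class TLS(IntEnum):
    NONE = 0   # unencrypted connection
    V1_0 = 10
    V1_1 = 11
    V1_2 = 12


# Lowest client protocol each setting accepts (values from the table above).
MINIMUM = {
    "TLSEnforcementDisabled": TLS.NONE,
    "TLS1_0": TLS.V1_0,
    "TLS1_1": TLS.V1_1,
    "TLS1_2": TLS.V1_2,
}
SERVER_MAX = TLS.V1_2  # page: supported versions are TLS 1.0, 1.1 and 1.2


def negotiated(setting, client_versions):
    """Highest protocol both sides accept, or None if the server rejects."""
    floor = MINIMUM[setting]
    usable = [v for v in client_versions if floor <= v <= SERVER_MAX]
    return max(usable) if usable else None


def can_change(current, new):
    """Only rule modelled: an enforced minimum cannot return to disabled."""
    return not (current != "TLSEnforcementDisabled"
                and new == "TLSEnforcementDisabled")


def rejected_clients(inventory, new_setting):
    """Names of clients that could no longer connect under new_setting."""
    return sorted(name for name, versions in inventory.items()
                  if negotiated(new_setting, versions) is None)


# Constructed inventory: client name -> protocols its connector can speak.
INVENTORY = {
    "billing-api": {TLS.V1_2},
    "legacy-etl": {TLS.V1_0, TLS.V1_1},
    "report-cron": {TLS.NONE, TLS.V1_0},
    "web-frontend": {TLS.V1_1, TLS.V1_2},
}

if __name__ == "__main__":
    for setting in MINIMUM:
        print(setting, "rejects", rejected_clients(INVENTORY, setting))
    print("back to disabled allowed:",
          can_change("TLS1_2", "TLSEnforcementDisabled"))
```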

To learn how to set the TLS setting for your Azure Database for MySQL, refer to How to configure TLS settings.

Next steps