Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v5.2.2: Update TLS docs #6323

Merged
merged 7 commits into from
Oct 19, 2021
Merged

v5.2.2: Update TLS docs #6323

merged 7 commits into from
Oct 19, 2021

Conversation

dveeden
Copy link
Contributor

@dveeden dveeden commented Aug 27, 2021
edited
Loading

What is changed, added or deleted? (Required)

Update TLS docs with:

  • TiDB 5.2.x additions
  • Remove the use of mysql_ssl_rsa_setup as this is replaced with AutoTLS
  • Add SSL Modes available in MySQL 8.0 client

Which TiDB version(s) do your changes apply to? (Required)

  • master (the latest development version)
  • v5.2 (TiDB 5.2 versions)
  • v5.1 (TiDB 5.1 versions)
  • v5.0 (TiDB 5.0 versions)
  • v4.0 (TiDB 4.0 versions)
  • v3.1 (TiDB 3.1 versions)
  • v3.0 (TiDB 3.0 versions)
  • v2.1 (TiDB 2.1 versions)

What is the related PR or file link(s)?

Closes #6387

Including this:

Not including this as it doesn't apply to v5.2:

@ti-chi-bot
Copy link
Member

ti-chi-bot commented Aug 27, 2021
edited
Loading

[REVIEW NOTIFICATION]

This pull request has been approved by:

  • TomShawn
  • morgo

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

@ti-chi-bot ti-chi-bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Aug 27, 2021
@ti-chi-bot ti-chi-bot requested a review from TomShawn August 27, 2021 15:05
@ti-chi-bot ti-chi-bot added missing-translation-status This PR does not have translation status info. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Aug 27, 2021
@dveeden
Copy link
Contributor Author

dveeden commented Aug 27, 2021

/cc @bb7133 @morgo @TomShawn

@ti-chi-bot ti-chi-bot requested review from bb7133 and morgo August 27, 2021 15:06
@dveeden
Copy link
Contributor Author

dveeden commented Aug 30, 2021

The list on https://pkg.go.dev/crypto/tls#pkg-constants doesn't match exactly with the list on https://docs.pingcap.com/tidb/stable/enable-tls-between-clients-and-servers#supported-tls-versions-key-exchange-protocols-and-encryption-algorithms

Should it match exactly?

@dveeden dveeden marked this pull request as ready for review August 30, 2021 08:33
@ti-chi-bot ti-chi-bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Aug 30, 2021
@TomShawn TomShawn added needs-cherry-pick-release-5.2 translation/doing This PR's assignee is translating this PR. labels Aug 31, 2021
@ti-chi-bot ti-chi-bot removed the missing-translation-status This PR does not have translation status info. label Aug 31, 2021
@TomShawn TomShawn added the type/enhancement The issue or PR belongs to an enhancement. label Aug 31, 2021
@TomShawn TomShawn added status/PTAL This PR is ready for reviewing. sig/docs Indicates that the Issue or PR belongs to the docs SIG. area/sql-infra Indicates that the Issue or PR belongs to the area of sql-infra and sql-metadata. labels Sep 1, 2021
@ti-chi-bot ti-chi-bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Sep 6, 2021
@dveeden dveeden mentioned this pull request Sep 6, 2021
Closed
@dveeden dveeden requested a review from morgo September 8, 2021 07:02
@dveeden
Copy link
Contributor Author

dveeden commented Sep 8, 2021

@morgo @bb7133 @TomShawn PTAL

morgo
morgo approved these changes Sep 11, 2021
View reviewed changes
Copy link
Contributor

@morgo morgo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. For the chinese translation you might want to ask @s3nt3 for translation or review, because the usage of some of the language is very specific.

enable-tls-between-clients-and-servers.md Outdated Show resolved Hide resolved
@ti-chi-bot ti-chi-bot added the status/LGT1 Indicates that a PR has LGTM 1. label Sep 11, 2021
@TomShawn TomShawn added the type/compatibility-or-feature-change This PR involves compatibility changes or feature behavior changes. label Oct 18, 2021
TomShawn
TomShawn reviewed Oct 18, 2021
View reviewed changes
enable-tls-between-clients-and-servers.md Outdated Show resolved Hide resolved
enable-tls-between-clients-and-servers.md Outdated Show resolved Hide resolved
enable-tls-between-clients-and-servers.md Outdated Show resolved Hide resolved
enable-tls-between-clients-and-servers.md Outdated Show resolved Hide resolved
enable-tls-between-clients-and-servers.md Outdated Show resolved Hide resolved
enable-tls-between-clients-and-servers.md Outdated Show resolved Hide resolved
enable-tls-between-clients-and-servers.md Outdated Show resolved Hide resolved
generate-self-signed-certificates.md Outdated Show resolved Hide resolved
enable-tls-between-clients-and-servers.md Show resolved Hide resolved
@TomShawn
Copy link
Contributor

For v5.2.x additions, could you please add the description: "Since v5.2.2, ...."?

@TomShawn TomShawn changed the title Update TLS docs v5.2.2: Update TLS docs Oct 18, 2021
@dveeden @TomShawn
Apply suggestions from code review
7872241 
Co-authored-by: TomShawn <41534398+TomShawn@users.noreply.github.com>
@TomShawn TomShawn added area/security Relates to TiDB security and privilege. and removed area/sql-infra Indicates that the Issue or PR belongs to the area of sql-infra and sql-metadata. labels Oct 19, 2021
@TomShawn
Copy link
Contributor

@dveeden Any update?

@dveeden
Copy link
Contributor Author

dveeden commented Oct 19, 2021

@TomShawn added some text about mysql_ssl_rsa_setup (which is a third-party tool from Oracle MySQL: https://dev.mysql.com/doc/refman/8.0/en/mysql-ssl-rsa-setup.html ) and added a note about versions. auto-tls, Ssl_server_not_after and Ssl_server_not_before are the items that need a version note.

TomShawn
TomShawn approved these changes Oct 19, 2021
View reviewed changes
Copy link
Contributor

@TomShawn TomShawn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

enable-tls-between-clients-and-servers.md Outdated Show resolved Hide resolved
enable-tls-between-clients-and-servers.md Outdated Show resolved Hide resolved
@ti-chi-bot ti-chi-bot added status/LGT2 Indicates that a PR has LGTM 2. and removed status/LGT1 Indicates that a PR has LGTM 1. labels Oct 19, 2021
dveeden and others added 2 commits October 19, 2021 14:12
@dveeden @TomShawn
Update enable-tls-between-clients-and-servers.md
da9e545 
Co-authored-by: TomShawn <41534398+TomShawn@users.noreply.github.com>
@dveeden @TomShawn
Update enable-tls-between-clients-and-servers.md
28aeb2a 
Co-authored-by: TomShawn <41534398+TomShawn@users.noreply.github.com>
@TomShawn
Copy link
Contributor

/merge

@ti-chi-bot
Copy link
Member

This pull request has been accepted and is ready to merge.

Commit hash: 28aeb2a

@ti-chi-bot ti-chi-bot added the status/can-merge Indicates a PR has been approved by a committer. label Oct 19, 2021
@ti-chi-bot ti-chi-bot merged commit 800491f into pingcap:master Oct 19, 2021
@ti-chi-bot ti-chi-bot mentioned this pull request Oct 19, 2021
Merged
8 tasks
@ti-chi-bot
Copy link
Member

In response to a cherrypick label: new pull request created: #6646.

ti-chi-bot added a commit that referenced this pull request Oct 19, 2021
@ti-chi-bot
v5.2.2: Update TLS docs (#6323) (#6646)
3a6a745
@Liuxiaozhen12 Liuxiaozhen12 mentioned this pull request Oct 21, 2021
Merged
13 tasks
@Liuxiaozhen12 Liuxiaozhen12 added translation/done This PR has been translated from English into Chinese and updated to pingcap/docs-cn in a PR. and removed translation/doing This PR's assignee is translating this PR. labels Oct 21, 2021
s3nt3
s3nt3 reviewed Oct 21, 2021
View reviewed changes
enable-tls-between-clients-and-servers.md

If the certificate parameters are correct, TiDB outputs `secure connection is enabled` when started; otherwise, it outputs `secure connection is NOT ENABLED`.

For TiDB versions earlier than v5.2.0, you can use `mysql_ssl_rsa_setup --datadir=./certs` to generate certficates. The `mysql_ssal_rsa_setup` tool is a part of MySQL Server.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There seems to be a mistake: mysql_ssal_rsa_setup should be changed to mysql_ssl_rsa_setup.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed in b9ce3fe.

@Liuxiaozhen12 Liuxiaozhen12 mentioned this pull request Oct 21, 2021
Merged
13 tasks
This was referenced Oct 25, 2021
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Liuxiaozhen12 Liuxiaozhen12 Liuxiaozhen12 left review comments

@s3nt3 s3nt3 s3nt3 left review comments

@TomShawn TomShawn TomShawn approved these changes

@bb7133 bb7133 bb7133 approved these changes

@morgo morgo morgo approved these changes

Assignees

@Liuxiaozhen12 Liuxiaozhen12

Labels
area/security Relates to TiDB security and privilege. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. status/can-merge Indicates a PR has been approved by a committer. status/LGT2 Indicates that a PR has LGTM 2. status/PTAL This PR is ready for reviewing. translation/done This PR has been translated from English into Chinese and updated to pingcap/docs-cn in a PR. type/compatibility-or-feature-change This PR involves compatibility changes or feature behavior changes. type/enhancement The issue or PR belongs to an enhancement.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Inconsistent description on the same page
7 participants
@dveeden @ti-chi-bot @bb7133 @TomShawn @morgo @s3nt3 @Liuxiaozhen12