This is more of a question than me sharing knowledge, but I'm testing the effects of MySQL SSL on replication delay. Interestingly, my tests show faster replication when I enable SSL, versus disable. The slave_compressed_protocol has an effect too, and I get the best result when I use SSL and slave compression in a non-CPU bound test.
The question came up, however, of what SSL Cipher I'm using. I'm not specifying one in my CHANGE MASTER statement, so I'm guessing I'm getting the same default cipher as if I connect with the regular mysql command line client with SSL, which is:
SSL: Cipher in use is DHE-RSA-AES256-SHA
I haven't found any manual pages, or any blog posts where people have discussed this, but what is the best SSL cipher to use for both client -> server type workloads, but also replication?
4 Comments
You're asking an open question since you're not defining what you mean by 'best' Do you mean the fastest The most memory efficient the least CPU intensive the most cryptographically secure
Good point, all of the above :)
Probably fastest and least CPU intensive, but still encrypted would be the most interesting.
How did you come up with that list of default ciphers I am looking for that, since I am not setting any, then I am curious to confirm that's actully the list.
Thanks,
Mirko
Type '\s' when connected to mysql via the mysql command line client.