You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Separating "preferred" into its own parameter instead of making it
a special value in the "tls=" parameter makes it possible to use
custom TLS config with this mode. This is useful when clients
don't need to authenticate servers using TLS but a server may
or may not need to authenticate the client using TLS.
Copy file name to clipboardExpand all lines: README.md
+11
Original file line number
Diff line number
Diff line change
@@ -335,6 +335,17 @@ Default: false
335
335
`tls=true` enables TLS / SSL encrypted connection to the server. Use `skip-verify` if you want to use a self-signed or invalid certificate (server side) or use `preferred` to use TLS only when advertised by the server. This is similar to `skip-verify`, but additionally allows a fallback to a connection which is not encrypted. Neither `skip-verify` nor `preferred` add any reliable security. You can use a custom TLS config after registering it with [`mysql.RegisterTLSConfig`](https://godoc.org/github.com/go-sql-driver/mysql#RegisterTLSConfig).
336
336
337
337
338
+
##### `tls-mode`
339
+
340
+
```
341
+
Type: string
342
+
Valid Values: preferred
343
+
Default: <none>
344
+
```
345
+
346
+
Use `tls-mode=preferred` to opt-in to TLS / SSL only with servers that support it. `preferred` does not authenticate the server but allows servers to optionally authenticate clients. The [`tls`](#tls) DSN parameter allows customizing the TLS config.
0 commit comments