SSL Connection: Ability to specify the cipher

[jp9]

With recent update of the OpenSSL, some of the ciphers have been marked as deprecated/insecure. So, when "node-mysql" is used on nodejs versions before 0.12, the default cipher used is not secure enough and the connection is not established.

See more details here:
http://stackoverflow.com/questions/31277667/dh-key-too-small-google-cloudsql-ssl

Proposed solution:

• Allow specification of "cipher" as option in the SSL options when instantiating the SSL connection (ie for the end user while creating the pool). We already allow specification of "ca", "key" and "cert".

So it will end up looking like this:

var pool = mysql.createPool({
    connectionLimit : <value>,
        database : <name>,
    ssl  : {
           ca : '' ,
           key : '',
           cert : '',
           ciphers: '' // NEW
       }
});

[jp9]

Another solution: "ssl" option in createPool function should take the object and pass this object (preferably AS-IS) to the TLS and use it to establish the connection.

[dougwilson]

Hi @jp9 , accepting the ciphers option sounds fine to me. I just committed the new feature to master, if you can try it out and confirm that it works for the given use case :)

[jp9]

Thank you for the quick fix. It works !!!

[dougwilson]

Thanks so much for the confirmation, @jp9 ! The change is published as 2.9.0