Description:
The performance_schema.status_by_thread table doesn't appear to populate on some versions of MySQL.
If I set up a MySQL 5.7 (tested with 5.7.29 and 5.7.31) database on Windows, and create a user that "REQUIRE SSL". If I then log into the database from another Windows server and check the performance_schema.status_by_thread table I can clearly see my connection is using SSL.
If I repeat the process on Linux (tested on "Ver 14.14 Distrib 5.7.29, for Linux (x86_64)" on Debian 9), when I check in the performance_schema.status_by_thread table it is empty.
In both cases the performance schema is fully enabled, and checking the 'status' of the connection shows that the client end believes it is using SSL.
It appears to be fine when using MySQL 8.0.
How to repeat:
Set up a MySQL 5.7 Database on Windows.
Create a user:
CREATE USER 'ssltest'@'%' identified by 'ssltest';
GRANT ALL ON *.* TO 'ssltest'@'%' REQUIRE SSL;
From another windows location log onto the server using the new user and check the status:
mysql -h1.2.3.4 -P3306 -ussltest -pssltest -e status | grep SSL
SSL: Cipher in use is ECDHE-RSA-AES128-GCM-SHA256
Now log into mysql with that user and run:
SELECT
sbt.variable_value AS tls_version,
t2.variable_value AS cipher,
processlist_user AS user,
processlist_host AS host
FROM performance_schema.status_by_thread AS sbt
JOIN performance_schema.threads AS t ON t.thread_id = sbt.thread_id
JOIN performance_schema.status_by_thread AS t2 ON t2.thread_id = t.thread_id
WHERE sbt.variable_name = 'Ssl_version'
and t2.variable_name = 'Ssl_cipher'
ORDER BY tls_version;
You should see your login listed with tls version and cipher.
Now repeat the process using a Linux server. This time when you run the final query the result will be empty.
Suggested fix:
Ideally all connections should be included in the performance_schema.status_by_thread table on both Windows and Linux to help prove that connections are using SSL.