Bug #116520 TLS SNI Support
Submitted: 31 Oct 22:00
Modified: 1 Nov 5:37
Reporter: Máté Gelencsér
Status: Verified
Category: MySQL Server: C API (client library)
Severity: S4 (Feature request)
Version: 9.1.0
OS: Any
Assigned to:
CPU Architecture: Any

[31 Oct 22:00] Máté Gelencsér
Description:
The SNI support was added here https://bugs.mysql.com/bug.php?id=84849
This sends the SNI after the server (first) started the handshake.
The issue is that TCP/TLS proxies that try to route based on the SNI value, to serve multiple MySQL servers under one port, are not possible, since the protocol is designed to be server-first.

How to repeat:
-

Suggested fix:
A protocol update where there would be an option so that after the TCP connection is established the client would send the SNI, meaning the proxies could route based on that (and maybe a signature to let the proxy know that this is a MySQL protocol).

[1 Nov 5:37] MySQL Verification Team
Hello Máté Gelencsér,

Thank you for the feature request!

regards,
Umesh