Bug #90831 X Protocol - TLS only listening port
Submitted: 11 May 2018 9:43    Modified: 29 Feb 2020 8:53
Reporter: Jason Rahman
Status: Verified
Category: MySQL Server: Document Store: X Plugin    Severity: S4 (Feature request)
Version: 8.0    OS: Any
Assigned to:    CPU Architecture: Any

[11 May 2018 9:43] Jason Rahman
Description:
TLS 1.3 optimizations such as 0-RTT data are more difficult or impossible to use when application data has already been exchanged ahead of the handshake. Additionally, SSL is now considered the default anyway, and the capability negotiation for TLS is a waste of round trips in most cases.

How to repeat:
X protocol connections today require a separate upgrade to TLS following the initial connection establishment.

Suggested fix:
Create a new listening port, on which TLS handshakes are immediately performed, rather than waiting for a capabilities negotiation. Since TLS is the default, this would provide a way to use TLS without the additional round-trip to negotiate the capability, and additionally enable usage of more recent TLS optimizations that cannot be used when application data is exchanged in the clear first.
[11 May 2018 10:42] MySQL Verification Team
Related: https://bugs.mysql.com/bug.php?id=89213
[11 May 2018 10:52] Jason Rahman
One additional thought: while I filed this bug specifically for the X protocol, I don't think there is any reason why we couldn't have a single TLS listening port and then use ALPN to negotiate either the X protocol or the classic Client/Server protocol.
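The following Go program is an added example illustrating the design proposed in the description and in the comment above (a TLS-first endpoint that dispatches on ALPN instead of on a plaintext capabilities exchange); it is not MySQL code and the X Plugin does not implement it. The ALPN identifiers "mysqlx" and "mysql" are assumptions chosen for illustration, the certificate is generated in memory so the program runs offline, and an in-process net.Pipe stands in for the TCP connection to the listening port. The server selects the protocol during the handshake, so no application data crosses the wire in the clear, and a client that offers no mutually supported protocol is refused rather than silently falling back.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// ALPN identifiers for the two wire protocols. Assumed names for this
// example only; they are not registered and not used by MySQL.
const (
	alpnXProtocol = "mysqlx"
	alpnClassic   = "mysql"
)

// selfSignedCert builds an ephemeral in-memory certificate for localhost so
// the example needs no key or certificate files.
func selfSignedCert() (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "localhost"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     []string{"localhost"},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// NegotiateOnTLSPort runs one TLS 1.3 handshake between an in-process server
// and a client offering clientProtos via ALPN, and returns the protocol the
// server selected. The handshake is the first thing on the connection: there
// is no plaintext capabilities exchange and no STARTTLS-style upgrade.
func NegotiateOnTLSPort(clientProtos []string) (string, error) {
	cert, err := selfSignedCert()
	if err != nil {
		return "", err
	}
	serverCfg := &tls.Config{
		Certificates:           []tls.Certificate{cert},
		MinVersion:             tls.VersionTLS13,
		NextProtos:             []string{alpnXProtocol, alpnClassic}, // server preference order
		SessionTicketsDisabled: true, // nothing is written after the handshake on the synchronous pipe
	}
	pool := x509.NewCertPool()
	pool.AddCert(cert.Leaf)
	clientCfg := &tls.Config{
		RootCAs:    pool,
		ServerName: "localhost",
		MinVersion: tls.VersionTLS13,
		NextProtos: clientProtos,
	}

	serverSide, clientSide := net.Pipe() // stands in for the TCP connection to the TLS-only port
	defer clientSide.Close()

	type result struct {
		proto string
		err   error
	}
	done := make(chan result, 1)
	go func() {
		defer serverSide.Close()
		srv := tls.Server(serverSide, serverCfg)
		if err := srv.Handshake(); err != nil {
			done <- result{"", err}
			return
		}
		// The server would now dispatch to the X Protocol or classic handler
		// based solely on the ALPN result.
		done <- result{srv.ConnectionState().NegotiatedProtocol, nil}
	}()

	cli := tls.Client(clientSide, clientCfg)
	if err := cli.Handshake(); err != nil {
		return "", err // e.g. no_application_protocol alert when nothing overlaps
	}
	r := <-done
	if r.err != nil {
		return "", r.err
	}
	if r.proto == "" {
		return "", errors.New("client offered no supported application protocol")
	}
	return r.proto, nil
}

func main() {
	for _, offer := range [][]string{{alpnXProtocol}, {alpnClassic}, {"unsupported/1"}, nil} {
		proto, err := NegotiateOnTLSPort(offer)
		fmt.Printf("client offered %v -> selected %q, err=%v\n", offer, proto, err)
	}
}
```

Because Go resolves ALPN in the server's preference order, a client offering both identifiers is given the X Protocol first; a deployment would pick whichever order matches its migration plan.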
[29 Feb 2020 8:53] MySQL Verification Team
Hello Jason,

Thank you for the feature request!

regards,
Umesh