Bug #93178 No global info on TLS usage for X Protocol
Submitted: 13 Nov 2018 21:21 Modified: 14 Nov 2018 5:42
Reporter: Daniël van Eeden (OCA) Email Updates:
Status: Verified Impact on me:
None 
Category:Shell General / Core Client Severity:S3 (Non-critical)
Version:8.0.11, 8.0.13 OS:Any
Assigned to: CPU Architecture:Any
Tags: tls

[13 Nov 2018 21:21] Daniël van Eeden 
Description:
For TLS I would like to monitor the number of TLS connections per TLS version and per TLS cipher. This is useful to check the impact when disabling ciphers and/or TLS versions.

This works for the Classic protocol, but not for X protocol connections.

See also: http://mysqlblog.fivefarmers.com/2015/04/13/practical-p_s-which-tls-ciphers-are-connection...

How to repeat:
 MySQL  127.0.0.1:18011+ ssl  SQL > show session status like '%Ssl_cipher';
+-------------------+---------------------------+
| Variable_name     | Value                     |
+-------------------+---------------------------+
| Mysqlx_ssl_cipher | DHE-RSA-AES128-GCM-SHA256 |
| Ssl_cipher        |                           |
+-------------------+---------------------------+
2 rows in set (0.0032 sec)

 MySQL  127.0.0.1:18011+ ssl  SQL > select * from performance_schema.status_by_thread where variable_name like '%Ssl_cipher';
+-----------+---------------+----------------+
| THREAD_ID | VARIABLE_NAME | VARIABLE_VALUE |
+-----------+---------------+----------------+
|        55 | Ssl_cipher    |                |
|        60 | Ssl_cipher    |                |
+-----------+---------------+----------------+
2 rows in set (0.0014 sec)

Suggested fix:
Add X Protocol TLS status info to performance_schema.status_by_thread
[14 Nov 2018 5:42] MySQL Verification Team 
Hello Daniël,

Thank you for the report and feedback!

regards,
Umesh