Bug #93299 TLS cipher selection for X Protocol
Submitted: 22 Nov 2018 19:02 Modified: 21 Nov 2019 2:21
Reporter: Daniël van Eeden (OCA) Email Updates:
Status: Closed Impact on me:
Category:Connector / C++ Severity:S3 (Non-critical)
Version:8.0.13 OS:Any
Assigned to: CPU Architecture:Any
Tags: tls

[22 Nov 2018 19:02] Daniël van Eeden
For Classic Protocol (libmysqlclient):
mysql_options(mysql, MYSQL_OPT_SSL_CIPHER, cipher)

It looks to me that there is nothing similar for X Protocol with X DevAPI.

I want to use this to connect with specific ciphers to do performance testing.

How to repeat:
Try to restrict which TLS ciphersuites are used from X DevAPI client (Connector/C++)
[22 Nov 2018 19:36] Daniël van Eeden
added tag
[23 Nov 2018 9:30] MySQL Verification Team
Hello Daniël,

Thank you for the report.

[20 Nov 2019 18:37] Rafal Somla
Posted by developer:
New connection options `tls-versions` and `tls-ciphersuites` were added (WL#12755).
[21 Nov 2019 2:21] Paul DuBois
Posted by developer:
Fixed in 8.0.19.

Connector/C++ now provides options that enable specifying the permitted TLS protocols and ciphersuites for TLS connection negotiation:

* TLS protocols must be chosen from this list: TLSv1, TLSv1.1, TLSv1.2, TLSv1.3. (TLSv1.3 requires that both the server and Connector/C++ be compiled with OpenSSL 1.1.1 or higher.)

* Ciphersuite values must be IANA ciphersuite names.

TLS protocols and ciphersuites now may be specified in these contexts:

* Connection strings permit tls-versions and tls-ciphersuites options. The tls-versions value is a list of one or more comma-separated TLS protocol versions. The tls-ciphersuites value is a list of one or more comma-separated ciphersuite names. Examples:


* SessionSettings objects permit TLS_VERSIONS and TLS_CIPHERSUITES options. Each value is either a string containing one or more comma-separated items or a container with strings (that is, any type that can be iterated with a loop that yields string values).

Example of single string values:

Session s(...,
  TLS_VERSIONS, "TLSv1.2,TLSv1.3",
Example of string container values:

std::list<std::string> tls_versions = {

std::list<std::string> ciphers = {

Session s(...,
  TLS_VERSIONS, tls_versions

Session s(...,
  TLS_VERSIONS, std::vector{"TLSv1.2","TLSv1.3"},

* mysqlx_session_option_set() and friends permit MYSQLX_OPT_TLS_VERSIONS and MYSQLX_OPT_TLS_CIPHERSUITES session option constants, together with the corresponding OPT_TLS_VERSIONS() and OPT_TLS_CIPHERSUITES() macros. MYSQLX_OPT_TLS_VERSIONS and MYSQLX_OPT_TLS_CIPHERSUITES accept a string containing one or more comma-separated items. Examples:

mysqlx_session_option_set(opts, ...,