MySQL can be compiled using OpenSSL or yaSSL, both of which enable secure conections based on the OpenSSL API:
MySQL Enterprise Edition binary distributions are compiled using OpenSSL. It is not possible to use yaSSL with MySQL Enterprise Edition.
MySQL Community Edition binary distributions are compiled using yaSSL.
MySQL Community Edition source distributions can be compiled using either OpenSSL or yaSSL (see Section 6.4.2, “Building MySQL with Support for Secure Connections”).
OpenSSL and yaSSL offer the same basic functionality, but MySQL distributions compiled using OpenSSL have additional features:
OpenSSL supports a wider range of encryption ciphers from
which to choose for the
--ssl-cipher option. OpenSSL
supports the --ssl-capath,
--ssl-crl, and
--ssl-crlpath options. See
Section 6.4.5, “Command Options for Secure Connections”.
Accounts that authenticate using the
sha256_password plugin can use RSA key
files for secure password exchange over unencrypted
connections. See
Section 6.5.1.4, “The SHA-256 Authentication Plugin”.
OpenSSL supports more encryption modes for the
AES_ENCRYPT() and
AES_DECRYPT() functions. See
Section 12.13, “Encryption and Compression Functions”
Certain OpenSSL-related system and status variables are present only if MySQL was compiled using OpenSSL:
sha256_password_private_key_path
(added in MySQL 5.6.6)
sha256_password_public_key_path
(added in MySQL 5.6.6)
Rsa_public_key (added in
MySQL 5.6.6)
To determine whether your server was compiled using OpenSSL, test the existence of any of those variables. For example, this statement returns a row if OpenSSL was used and an empty result if yaSSL was used:
SHOW STATUS LIKE 'Rsa_public_key';
Such tests assume that your server version is not older than the
first appearance of the variable tested. For example, you cannot
test for Rsa_public_key before
MySQL 5.6.6.