--ssl

For the server, this option specifies that the server allows SSL connections. For a client program, it allows the client to connect to the server using SSL. This option is not sufficient in itself to cause an SSL connection to be used. You must also specify the --ssl-ca, --ssl-cert, and --ssl-key options.

This option is more often used in its opposite form to indicate that SSL should not be used. To do this, specify the option as --skip-ssl or --ssl=0.

Note that use of --ssl does not require an SSL connection. For example, if the server or client is compiled without SSL support, a normal unencrypted connection is used.

The secure way to ensure that an SSL connection is used is to create an account on the server that includes a REQUIRE SSL clause in the GRANT statement. Then use this account to connect to the server, with both a server and client that have SSL support enabled.

--ssl-ca=file_name

The path to a file with a list of trusted SSL CAs.

--ssl-capath=directory_name

The path to a directory that contains trusted SSL CA certificates in PEM format.

--ssl-cert=file_name

The name of the SSL certificate file to use for establishing a secure connection.

--ssl-cipher=cipher_list

A list of allowable ciphers to use for SSL encryption. cipher_list has the same format as the openssl ciphers command.

Example: --ssl-cipher=ALL:-AES:-EXP

--ssl-key=file_name

The name of the SSL key file to use for establishing a secure connection.