nginx ssl stream termination for MySQL backends
mdounin at mdounin.ru
Sat Jan 7 17:56:34 UTC 2023
On Sat, Jan 07, 2023 at 10:48:31PM +0530, Vishwas Bm wrote:
> Below is the use case which I am trying:
> client--->nginx stream(ssl termination) ---> MySQL Db
> Connection between nginx and MySQL db is unencrypted.
> When I send ssl request using MySQL client, I am getting ssl handshake
> timeout error. I do not see client hello from client in tcpdump capture.
> Is the above use case valid with nginx?
> Has someone tried this configuration?
The MySQL protocol uses an internal SSL handshake establishment,
which only happens if both client and server agree to use it.
That is, it works similarly to STARTTLS in SMTP. See here for
As such, it is not possible to do simple SSL offloading,
something that nginx stream module can do for you, but rather a
protocol-specific implementation is needed.
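As an added illustration (not part of the original post and not nginx code), the Python sketch below parses a MySQL server greeting and builds the client's SSLRequest, showing that the server speaks first in cleartext and that the client's first bytes are MySQL framing rather than a TLS ClientHello. The packet layout follows the MySQL client/server protocol (HandshakeV10 and SSLRequest); the sample greeting and all function names are constructed for this example.

```python
import struct

CLIENT_PROTOCOL_41 = 0x00000200
CLIENT_SSL = 0x00000800          # capability bit: TLS may start after SSLRequest
CLIENT_PLUGIN_AUTH = 0x00080000

def parse_greeting(packet: bytes) -> dict:
    """Parse the cleartext HandshakeV10 packet the server sends first."""
    if len(packet) < 4:
        raise ValueError("short packet header")
    length, seq = int.from_bytes(packet[:3], "little"), packet[3]
    payload = packet[4:4 + length]
    if len(payload) != length or seq != 0 or payload[:1] != b"\x0a":
        raise ValueError("not a HandshakeV10 greeting")
    end = payload.index(b"\x00", 1)            # server version is NUL-terminated
    pos = end + 1 + 4 + 8 + 1                  # thread id, scramble part 1, filler
    if len(payload) < pos + 7:
        raise ValueError("truncated greeting")
    lower, charset, _status, upper = struct.unpack_from("<HBHH", payload, pos)
    caps = lower | (upper << 16)
    return {"version": payload[1:end].decode("ascii", "replace"),
            "charset": charset, "capabilities": caps,
            "ssl_offered": bool(caps & CLIENT_SSL)}

def build_ssl_request(server_caps: int, charset: int, max_packet: int = 1 << 24) -> bytes:
    """Build the cleartext SSLRequest the client sends before any ClientHello."""
    if not server_caps & CLIENT_SSL:
        raise ValueError("server did not offer CLIENT_SSL")
    payload = struct.pack("<IIB23x", CLIENT_PROTOCOL_41 | CLIENT_SSL, max_packet, charset)
    return len(payload).to_bytes(3, "little") + b"\x01" + payload  # sequence id 1

def looks_like_client_hello(data: bytes) -> bool:
    """True if the bytes start a TLS handshake record, which a TLS terminator expects."""
    return data[:1] == b"\x16"

def sample_greeting() -> bytes:
    """Constructed greeting (not a capture) from a server that offers TLS."""
    caps = CLIENT_PROTOCOL_41 | CLIENT_SSL | CLIENT_PLUGIN_AUTH
    payload = (b"\x0a" + b"8.0.0-constructed\x00" + struct.pack("<I", 7)
               + b"A" * 8 + b"\x00"
               + struct.pack("<HBHH", caps & 0xFFFF, 0x2D, 0x0002, caps >> 16)
               + bytes([21]) + bytes(10) + b"B" * 12 + b"\x00"
               + b"mysql_native_password\x00")
    return len(payload).to_bytes(3, "little") + b"\x00" + payload

if __name__ == "__main__":
    greeting = parse_greeting(sample_greeting())
    request = build_ssl_request(greeting["capabilities"], greeting["charset"])
    print(greeting, request.hex(), looks_like_client_hello(request))
```

With a TLS-terminating listener in front, the client never receives the greeting, so it sends neither the SSLRequest nor a ClientHello, which matches the handshake timeout described in the question.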