v5.2.0 version, auto-tls default value is true in config.toml.example but false in online tidb #27615

Closed
seiya-annie opened this issue Aug 26, 2021 · 3 comments


@seiya-annie

Bug Report

Please answer these questions before submitting your issue. Thanks!

1. Minimal reproduce step (Required)

In config.toml.example:

```toml
# Automatic creation of TLS certificates.
# Setting it to 'true' is recommended because it is safer and tie with the default configuration of MySQL.
# If this config is commented/missed, the value would be 'false' for the compatibility with TiDB versions that does not support it.
auto-tls = true
```

In the TiDB instance:

```
select @@tidb_config\G;
"security": {
"skip-grant-table": false,
"ssl-ca": "",
"ssl-cert": "",
"ssl-key": "",
"require-secure-transport": false,
"cluster-ssl-ca": "",
"cluster-ssl-cert": "",
"cluster-ssl-key": "",
"cluster-verify-cn": null,
"spilled-file-encryption-method": "plaintext",
"enable-sem": false,
"auto-tls": false
```

2. What did you expect to see? (Required)

default value should be same

3. What did you see instead (Required)

different

4. What is your TiDB version? (Required)

```
Release Version: v5.2.0
Edition: Community
Git Commit Hash: 3b39fed
Git Branch: heads/refs/tags/v5.2.0
UTC Build Time: 2021-08-26 05:50:13
GoVersion: go1.16.4
Race Enabled: false
TiKV Min Version: v3.0.0-60965b006877ca7234adaced7890d7b029ed1306
Check Table Before Drop: false
```

@seiya-annie seiya-annie added the type/bug The issue is confirmed as a bug. label Aug 26, 2021
@dveeden
Contributor

dveeden commented Aug 26, 2021

This is related to #27486
cc @bb7133

@seiya-annie
Author

The problem here is, many of the users may not be aware if they're using a client with the encrypted connection, so we decided to set the default value of auto_tls in the code to avoid the potential performance regression while keeping it to true in the config example file.

However, the value in the config example file will be kept to true so that it is recommended (mostly for new clusters).
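
An added example (not part of this thread and not TiDB's own code) of the check the report did by hand: it compares `auto-tls` in a config file with the value the running instance reports and lists the resulting TLS posture. The function names, the constructed sample inputs, and the posture rule (no `ssl-cert`/`ssl-key` and `auto-tls` off means no TLS is offered) are assumptions of this example.

```python
import json

# Constructed sample: the "security" keys quoted in the report, wrapped in
# braces so they parse as JSON (the original paste is a fragment).
SAMPLE_TIDB_CONFIG = """
{"security": {"ssl-ca": "", "ssl-cert": "", "ssl-key": "",
              "require-secure-transport": false, "auto-tls": false}}
"""

# Constructed sample of the relevant lines of config.toml.example.
SAMPLE_EXAMPLE_FILE = """
[security]
# Automatic creation of TLS certificates.
auto-tls = true
"""


def file_auto_tls(toml_text):
    """Return auto-tls as set in a config file, or None if commented out/missing.
    Minimal line scan (assumption: the key appears once, as a bare boolean).
    """
    for raw in toml_text.splitlines():
        key, sep, value = raw.split("#", 1)[0].partition("=")
        if sep and key.strip() == "auto-tls":
            return value.strip().lower() == "true"
    return None


def audit(config_json, toml_text):
    """Compare file vs. running auto-tls and list TLS posture findings."""
    sec = json.loads(config_json)["security"]
    running = bool(sec.get("auto-tls", False))
    has_cert = bool(sec.get("ssl-cert")) and bool(sec.get("ssl-key"))
    findings = []
    in_file = file_auto_tls(toml_text)
    if in_file is not None and in_file != running:
        findings.append(f"auto-tls mismatch: file={in_file} running={running}")
    # Assumption of this example: without a configured or auto-generated
    # certificate the server has nothing to offer TLS with.
    if not has_cert and not running:
        findings.append("no certificate and auto-tls off: TLS not offered")
    if not sec.get("require-secure-transport", False):
        findings.append("require-secure-transport off: plaintext accepted")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_TIDB_CONFIG, SAMPLE_EXAMPLE_FILE):
        print(finding)
```

A file in which `auto-tls` is commented out returns `None` from `file_auto_tls`, so the mismatch finding is skipped and only the posture findings remain.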

@ti-srebot
Contributor

Please edit this comment or add a new comment to complete the following information

Not a bug

  1. Remove the 'type/bug' label
  2. Add notes to indicate why it is not a bug

Duplicate bug

  1. Add the 'type/duplicate' label
  2. Add the link to the original bug

Bug

Note: Make Sure that 'component', and 'severity' labels are added
Example for how to fill out the template: #20100

1. Root Cause Analysis (RCA) (optional)

2. Symptom (optional)

3. All Trigger Conditions (optional)

4. Workaround (optional)

5. Affected versions

6. Fixed versions

@seiya-annie seiya-annie removed the type/bug The issue is confirmed as a bug. label Aug 26, 2021
@pingcap pingcap deleted a comment from ti-srebot Sep 7, 2021