SSL/TLS support for MySQL DB instances on Amazon RDS - Amazon Relational Database Service

Amazon RDS creates an SSL/TLS certificate and installs the certificate on the DB instance when Amazon RDS provisions the instance. These certificates are signed by a certificate authority. The SSL/TLS certificate includes the DB instance endpoint as the Common Name (CN) for the SSL/TLS certificate to guard against spoofing attacks.

For information about downloading certificates, see Using SSL/TLS to encrypt a connection to a DB instance or cluster. For more information about using SSL/TLS with MySQL, see Updating applications to connect to MySQL DB instances using new SSL/TLS certificates.

For MySQL version 8.0 and lower, Amazon RDS for MySQL uses OpenSSL for secure connections. For MySQL version 8.4 and higher, Amazon RDS for MySQL uses AWS-LC. TLS support depends on the MySQL version. The following table shows the TLS support for MySQL versions.

| MySQL version | TLS 1.0 | TLS 1.1 | TLS 1.2 | TLS 1.3 |
|---|---|---|---|---|
| MySQL 8.4 | Not supported | Not supported | Supported | Supported |
| MySQL 8.0 | Not supported | Not supported | Supported | Supported |
| MySQL 5.7 | Supported | Supported | Supported | Not supported |
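
The following queries are an added example, not part of the AWS documentation. They show which TLS version each current session negotiated, so that clients still on TLS 1.0 or 1.1 can be found before a MySQL 5.7 instance is moved to 8.0 or 8.4, where the table lists those versions as not supported. The example assumes the Performance Schema is enabled on the instance; the column aliases are illustrative.

```sql
-- Added example: audit negotiated TLS versions on a running MySQL instance.
-- Assumption: the Performance Schema is enabled.

-- 1. The current session. An empty Value means the connection is unencrypted.
SHOW SESSION STATUS LIKE 'Ssl_version';
SHOW SESSION STATUS LIKE 'Ssl_cipher';

-- 2. Every client session, with the protocol version and cipher it negotiated.
--    Sessions with an empty tls_version are connected without TLS.
SELECT t.processlist_user AS db_user,
       t.processlist_host AS client_host,
       v.variable_value   AS tls_version,
       c.variable_value   AS tls_cipher
FROM performance_schema.threads AS t
JOIN performance_schema.status_by_thread AS v
  ON v.thread_id = t.thread_id
 AND v.variable_name = 'Ssl_version'
JOIN performance_schema.status_by_thread AS c
  ON c.thread_id = t.thread_id
 AND c.variable_name = 'Ssl_cipher'
WHERE t.type = 'FOREGROUND'
ORDER BY tls_version, db_user;

-- 3. Sessions that would fail to negotiate after an upgrade to 8.0 or 8.4,
--    grouped by account and client host so the owning application can be
--    identified and its TLS settings updated first.
SELECT t.processlist_user AS db_user,
       t.processlist_host AS client_host,
       v.variable_value   AS tls_version,
       COUNT(*)           AS sessions
FROM performance_schema.threads AS t
JOIN performance_schema.status_by_thread AS v
  ON v.thread_id = t.thread_id
 AND v.variable_name = 'Ssl_version'
WHERE t.type = 'FOREGROUND'
  AND v.variable_value IN ('TLSv1', 'TLSv1.1')
GROUP BY t.processlist_user, t.processlist_host, v.variable_value
ORDER BY sessions DESC;
```

The queries only see sessions connected at the moment they run, so repeat them over a representative period to catch batch jobs and infrequent clients.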