and authentication scheme used depends on the transport used. With gRPC (the default for Vitess), TLS can be used to secure both internal and external RPCs. We’ll detail what the options are. Caller ID gRPC transport, Vitess can use the usual TLS security features (familiarity with SSL / TLS is necessary here): • Any Vitess server can be configured to use TLS with the following command line parameters: in the provided file. • A Vitess go client can be configured with symmetrical parameters to enable TLS: – ..._grpc_ca: list of server cert signers to trust. – ..._grpc_server_name: name of the server cert

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369 Securing Vitess Using TLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . VTGate to support TLS set -mysql_server_ssl_cert and -mysql_server_ssl_key. Client certificates can also be mandated by setting -mysql_server_ssl_ca. If there is no CA specified then TLS is optional. X services and internally uses RPCs. These RPCs can optionally utilize secure transport options to use TLS over the gRPC HTTP/2 transport protocol. This document explains how to use these features. Finally

services and internally uses RPCs. These RPCs can optionally utilize secure transport options to use TLS over the gRPC HTTP/2 transport protocol. This document explains how to use these features. Finally transport, Vitess can use the usual TLS security features. Please note that familiarity with TLS is necessary here: • Any Vitess server can be configured to use TLS with the following command line parameters: in the provided file. • A Vitess go client can be configured with symmetrical parameters to enable TLS: 83 – xxxx_grpc_ca: list of server cert signers to trust. I.E. the client will only connect to servers

VTGate to support TLS set -mysql_server_ssl_cert and -mysql_server_ssl_key. Client certificates can also be mandated by setting -mysql_server_ssl_ca. If there is no CA specified then TLS is optional. Temporary services and internally uses RPCs. These RPCs can optionally utilize secure transport options to use TLS over the gRPC HTTP/2 transport protocol. This document explains how to use these features. Finally transport, Vitess can use the usual TLS security features. Please note that familiarity with TLS is necessary here: • Any Vitess server can be configured to use TLS with the following command line parameters:

VTGate to support TLS set -mysql_server_ssl_cert and -mysql_server_ssl_key. Client certificates can also be mandated by setting -mysql_server_ssl_ca. If there is no CA specified then TLS is optional. Temporary services and internally uses RPCs. These RPCs can optionally utilize secure transport options to use TLS over the gRPC HTTP/2 transport protocol. This document explains how to use these features. Finally transport, Vitess can use the usual TLS security features. Please note that familiarity with TLS is necessary here: • Any Vitess server can be configured to use TLS with the following command line parameters:

VTGate to support TLS set -mysql_server_ssl_cert and -mysql_server_ssl_key. Client certificates can also be mandated by setting -mysql_server_ssl_ca. If there is no CA specified then TLS is optional. Temporary services and internally uses RPCs. These RPCs can optionally utilize secure transport options to use TLS over the gRPC HTTP/2 transport protocol. This document explains how to use these features. Finally transport, Vitess can use the usual TLS security features. Please note that familiarity with TLS is necessary here: • Any Vitess server can be configured to use TLS with the following command line parameters:

VTGate to support TLS set -mysql_server_ssl_cert and -mysql_server_ssl_key. Client certificates can also be mandated by setting -mysql_server_ssl_ca. If there is no CA specified then TLS is optional. Session and authentication scheme used depends on the transport used. With gRPC (the default for Vitess), TLS can be used to secure both internal and external RPCs. We’ll detail what the options are. Caller ID gRPC transport, Vitess can use the usual TLS security features (familiarity with SSL / TLS is necessary here): • Any Vitess server can be configured to use TLS with the following command line parameters:

VTGate to support TLS set -mysql_server_ssl_cert and -mysql_server_ssl_key. Client certificates can also be mandated by setting -mysql_server_ssl_ca. If there is no CA specified then TLS is optional. 52 and authentication scheme used depends on the transport used. With gRPC (the default for Vitess), TLS can be used to secure both internal and external RPCs. We’ll detail what the options are. Caller ID gRPC transport, Vitess can use the usual TLS security features (familiarity with SSL / TLS is necessary here): • Any Vitess server can be configured to use TLS with the following command line parameters:

services. In focus were Denial-of-Service and similar resource-depletion scenarios. • The deployed TLS configurations were analyzed for common misconfigurations, again to no avail. Cure53, Berlin · 03/08/19