From 0e817e1579b8422ba072202a1fd7ea378da4ff3b Mon Sep 17 00:00:00 2001 From: bb7133 Date: Thu, 4 Nov 2021 23:13:02 +0800 Subject: [PATCH] config: set the default value of auto_tls to false (#27486) --- config/config.go | 2 +- config/config.toml.example | 4 +++- config/config_test.go | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/config/config.go b/config/config.go index 3f7a005148da6..72e90225ad2bf 100644 --- a/config/config.go +++ b/config/config.go @@ -704,7 +704,7 @@ var defaultConf = Config{ Security: Security{ SpilledFileEncryptionMethod: SpilledFileEncryptionMethodPlaintext, EnableSEM: false, - AutoTLS: true, + AutoTLS: false, RSAKeySize: 4096, }, DeprecateIntegerDisplayWidth: false, diff --git a/config/config.toml.example b/config/config.toml.example index a209bd5525875..c894dbc0084f1 100644 --- a/config/config.toml.example +++ b/config/config.toml.example @@ -205,7 +205,9 @@ spilled-file-encryption-method = "plaintext" # Security Enhanced Mode (SEM) restricts the "SUPER" privilege and requires fine-grained privileges instead. enable-sem = false -# Automatic creation of TLS certificates +# Automatic creation of TLS certificates. +# Setting it to 'true' is recommended because it is safer and tie with the default configuration of MySQL. +# If this config is commented/missed, the value would be 'false' for the compatibility with TiDB versions that does not support it. auto-tls = true # Minium TLS version to use, e.g. "TLSv1.2" diff --git a/config/config_test.go b/config/config_test.go index bfcdaae176c6f..7b0bfe434b45f 100644 --- a/config/config_test.go +++ b/config/config_test.go @@ -344,7 +344,8 @@ spilled-file-encryption-method = "aes128-ctr" configFile = filepath.Join(filepath.Dir(localFile), "config.toml.example") require.NoError(t, conf.Load(configFile)) - // Make sure the example config is the same as default config. + // Make sure the example config is the same as default config except `auto_tls`. + conf.Security.AutoTLS = false require.Equal(t, GetGlobalConfig(), conf) // Test for log config.