Configuring TLS settings in Azure Database for MySQL using Azure portal
APPLIES TO: Azure Database for MySQL - Single Server
Azure Database for MySQL - Single Server is on the retirement path. We strongly recommend for you to upgrade to Azure Database for MySQL - Flexible Server. For more information about migrating to Azure Database for MySQL - Flexible Server, see What's happening to Azure Database for MySQL Single Server?
This article describes how you can configure an Azure Database for MySQL server to enforce minimum TLS version allowed for connections to go through and deny all connections with lower TLS version than configured minimum TLS version thereby enhancing the network security.
You can enforce TLS version for connecting to their Azure Database for MySQL. Customers now have a choice to set the minimum TLS version for their database server. For example, setting this Minimum TLS version to 1.0 means you shall allow clients connecting using TLS 1.0,1.1 and 1.2. Alternatively, setting this to 1.2 means that you only allow clients connecting using TLS 1.2+ and all incoming connections with TLS 1.0 and TLS 1.1 will be rejected.
To complete this how-to guide, you need:
Set TLS configurations for Azure Database for MySQL
Follow these steps to set MySQL server minimum TLS version:
In the Azure portal, select your existing Azure Database for MySQL server.
On the MySQL server page, under Settings, click Connection security to open the connection security configuration page.
In Minimum TLS version, select 1.2 to deny connections with TLS version less than TLS 1.2 for your MySQL server.
Click Save to save the changes.
A notification will confirm that connection security setting was successfully enabled and in effect immediately. There is no restart of the server required or performed. After the changes are saved, all new connections to the server are accepted only if the TLS version is greater than or equal to the minimum TLS version set on the portal.
- Learn about how to create alerts on metrics