29.12.22.10 The tls_channel

29.12.22.10 The tls_channel_status Table

Connection interface TLS properties are set at server startup, and can be updated at runtime using the ALTER INSTANCE RELOAD TLS statement. See Server-Side Runtime Configuration and Monitoring for Encrypted Connections.

The tls_channel_status table provides information about connection interface TLS properties:

mysql> SELECT * FROM performance_schema.tls_channel_status\G
*************************** 1. row ***************************
 CHANNEL: mysql_main
PROPERTY: Enabled
   VALUE: Yes
*************************** 2. row ***************************
 CHANNEL: mysql_main
PROPERTY: ssl_accept_renegotiates
   VALUE: 0
*************************** 3. row ***************************
 CHANNEL: mysql_main
PROPERTY: Ssl_accepts
   VALUE: 2
...
*************************** 29. row ***************************
 CHANNEL: mysql_admin
PROPERTY: Enabled
   VALUE: No
*************************** 30. row ***************************
 CHANNEL: mysql_admin
PROPERTY: ssl_accept_renegotiates
   VALUE: 0
*************************** 31. row ***************************
 CHANNEL: mysql_admin
PROPERTY: Ssl_accepts
   VALUE: 0
...

The tls_channel_status table has these columns:

CHANNEL
The name of the connection interface to which the TLS property row applies. mysql_main and mysql_admin are the channel names for the main and administrative connection interfaces, respectively. For information about the different interfaces, see Section 7.1.12.1, “Connection Interfaces”.
PROPERTY
The TLS property name. The row for the Enabled property indicates overall interface status, where the interface and its status are named in the CHANNEL and VALUE columns, respectively. Other property names indicate particular TLS properties. These often correspond to the names of TLS-related status variables.
VALUE
The TLS property value.

The properties exposed by this table are not fixed and depend on the instrumentation implemented by each channel.

For each channel, the row with a PROPERTY value of Enabled indicates whether the channel supports encrypted connections, and other channel rows indicate TLS context properties:

For mysql_main, the Enabled property is yes or no to indicate whether the main interface supports encrypted connections. Other channel rows display TLS context properties for the main interface.
For the main interface, similar status information can be obtained using these statements:
```
SHOW GLOBAL STATUS LIKE 'current_tls%';
SHOW GLOBAL STATUS LIKE 'ssl%';
```
For mysql_admin, the Enabled property is no if the administrative interface is not enabled or it is enabled but does not support encrypted connections. Enabled is yes if the interface is enabled and supports encrypted connections.
When Enabled is yes, the other mysql_admin rows indicate channel properties for the administrative interface TLS context only if some nondefault TLS parameter value is configured for that interface. (This is the case if any admin_tls_xxx or admin_ssl_xxx system variable is set to a value different from its default.) Otherwise, the administrative interface uses the same TLS context as the main interface.

The tls_channel_status table has no indexes.

TRUNCATE TABLE is not permitted for the tls_channel_status table.