Information
MariaDB supports multiple versions of TLS. The higher the version the stronger the security and/or better the performance.
Rationale:
Requiring clients attempting to connect to MariaDB to use higher versions of TLS to better protect data in transit.
Impact:
Connections attempting to use an unsupported version of TLS will fail.
Solution
Set the version(s) of TLS you wish to accept by setting the tls_version option to a comma-separated (no whitespace) string in MariaDB configuration files.
For example, to only accept TLS 1.2 or 1.3 connections, set tls_version likeso:
tls_version=TLSv1.2,TLSv1.3
Note: with this setting, only clients that support the specified TLS version(s) are able to establish an encrypted connection to the server.
Default Value:
TLSv1.1,TLSv1.2,TLSv1.3