Information
A block encryption mode with a Cipher Block Chaining (CBC) mode value and key length of 256 is recommended when using the AES_ENCRYPT() and AES_DECRYPT() functions for encryption.
Rationale:
The default for backward compatibility on upgraded MySQL databases is aes-128-ecb. Using 128-bit keys does not provide sufficient security. Regardless of whether breaking the lowest level is beyond existing technology, larger key sizes are needed to better protect data and satisfy regulations.
Impact:
Configuring a key length of 256 may impact backwards compatibility.
Solution
Add the following lines to the MySQL server's /etc/my.cnf:
For example, if Block Encryption Mode for aes-256 CBC
block_encryption_mode=aes-256-cbc
Default Value:
aes-128-ecb