2.15 Limit Accepted Transport Layer Security (TLS) Versions

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

MySQL supports multiple versions of the TLS protocol. The higher the version, the stronger the security and/or the better the performance.

Rationale:

Requiring clients that connect to MySQL to use higher versions of TLS better protects data in transit.

Impact:

Connections attempting to use an unsupported TLS version or cipher will fail.

Solution

Set the version(s) of TLS you wish to accept in mysql.conf, specifying the TLS versions and ciphers.

For example, to accept only TLS 1.3, set tls_version in my.conf:

tls_version=TLSv1.3

If TLS 1.3 is not supported by the operating system, set tls_version to TLS 1.2:

tls_version=TLSv1.2

Note: with this setting, only clients that support the specified TLS version(s) are able to establish an encrypted connection to the server.

Default Value:

All TLS and cipher versions are enabled by default.
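
One way to check an option file against this recommendation, as an added example that is not part of the benchmark or the audit itself. The function names and sample files are hypothetical; it assumes tls_version is set in the [mysqld] group of a single file, does not follow !include directives, and compares values by exact match.

```python
import re

# The two values the Solution text recommends; anything else fails the check.
ACCEPTED = {"TLSv1.2", "TLSv1.3"}

def read_tls_version(option_text):
    """Return the effective tls_version from the [mysqld] group, or None if unset."""
    group, value = None, None
    for raw in option_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":      # blank, comment, or !include directive
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            group = header.group(1).strip().lower()
            continue
        if group != "mysqld" or "=" not in line:
            continue
        key, val = line.split("=", 1)
        # Option names may be written with dashes or underscores (tls-version).
        if key.strip().lower().replace("-", "_") == "tls_version":
            # A later occurrence overrides an earlier one; drop trailing comments.
            value = val.split("#", 1)[0].strip().strip("'\"")
    return value

def audit_tls_version(option_text):
    """Return (passed, offending) where offending lists values outside ACCEPTED."""
    value = read_tls_version(option_text)
    if value is None:
        # Unset means the server default applies (all versions, per Default Value).
        return False, ["<unset: server default>"]
    versions = [v.strip() for v in value.split(",") if v.strip()]
    offending = [v for v in versions if v not in ACCEPTED]
    return bool(versions) and not offending, offending

# Constructed sample option files (not taken from any real server).
HARDENED = "[client]\nport=3306\n[mysqld]\ntls-version = TLSv1.2,TLSv1.3  # both allowed\n"
MIXED = "[mysqld]\ntls_version=TLSv1.3\ntls_version=TLSv1.1,TLSv1.2\n"
UNSET = "[mysqld]\nrequire_secure_transport=ON\n"

if __name__ == "__main__":
    for name, text in (("hardened", HARDENED), ("mixed", MIXED), ("unset", UNSET)):
        print(name, audit_tls_version(text))
```

The value the running server actually uses can be confirmed with SELECT @@tls_version; and passed through the same comparison.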

See Also

https://workbench.cisecurity.org/benchmarks/12903