ssl hardening

[doets001]

feature request

I like it to be possible to harden the SSL connection to the ProxySQL. Therefore I like it to be possible to disable certain protocols / ciphers.

For example, I like to disable

• TLS 1 offered (deprecated)
• TLS 1.1 offered (deprecated)

[renecannao]

We need to implement something similar to MySQL's tls_version variable:
https://dev.mysql.com/doc/refman/8.0/en/encrypted-connection-protocols-ciphers.html#encrypted-connection-protocol-configuration

This can be an Admin variable

[linuxmail]

Hello,

good to see, that there is a patch for it :-) PCI-DSS forces us to disable 1.0 / 1.1 .. so we are waiting to purge Hashicorp Envoy :-)