11 characters.

MASTER_SSL_CRLPATH
------------------

The MASTER_SSL_CRLPATH option for CHANGE MASTER defines a path to a directory that contains one or more PEM files that should each contain one revoked X509 certificate to use for TLS. This option requires that you use the absolute path, not a relative path. The directory specified by this variable needs to be run through the openssl rehash command.

This option is only supported if the server was built with OpenSSL. If the server was built with yaSSL, then this option is not supported. See TLS and Cryptography Libraries Used by MariaDB for more information about which libraries are used on which platforms.

For example:

STOP SLAVE;
CHANGE MASTER TO
  MASTER_SSL_CERT='/etc/my.cnf.d/certificates/server-cert.pem',
  MASTER_SSL_KEY='/etc/my.cnf.d/certificates/server-key.pem',
  MASTER_SSL_CA='/etc/my.cnf.d/certificates/ca.pem',
  MASTER_SSL_VERIFY_SERVER_CERT=1,
  MASTER_SSL_CRLPATH='/etc/my.cnf.d/certificates/crl/';
START SLAVE;

See Secure Connections Overview: Certificate Revocation Lists (CRLs) for more information.

The maximum length of MASTER_SSL_CRLPATH string is 511 characters.

MASTER_SSL_KEY
--------------

The MASTER_SSL_KEY option for CHANGE MASTER defines a path to a private key file to use for TLS. This option requires that you use the absolute path, not a relative path.

For example:

STOP SLAVE;
CHANGE MASTER TO
  MASTER_SSL_CERT='/etc/my.cnf.d/certificates/server-cert.pem',
  MASTER_SSL_KEY='/etc/my.cnf.d/certificates/server-key.pem',
  MASTER_SSL_CA='/etc/my.cnf.d/certificates/ca.pem',
  MASTER_SSL_VERIFY_SERVER_CERT=1;
START SLAVE;

The maximum length of MASTER_SSL_KEY string is 511 characters.

MASTER_SSL_CIPHER
-----------------

The MASTER_SSL_CIPHER option for CHANGE MASTER defines the list of permitted ciphers or cipher suites to use for TLS. Besides cipher names, if MariaDB was compiled with OpenSSL, this option could be set to "SSLv3" or "TLSv1.2" to allow all SSLv3 or all TLSv1.2 ciphers.
Note that the TLSv1.3 ciphers cannot be excluded when using OpenSSL, even by using this option. See Using TLSv1.3 for details.

For example:

STOP SLAVE;
CHANGE MASTER TO
  MASTER_SSL_CERT='/etc/my.cnf.d/certificates/server-cert.pem',
  MASTER_SSL_KEY='/etc/my.cnf.d/certificates/server-key.pem',
  MASTER_SSL_CA='/etc/my.cnf.d/certificates/ca.pem',
  MASTER_SSL_VERIFY_SERVER_CERT=1,
  MASTER_SSL_CIPHER='TLSv1.2';
START SLAVE;

The maximum length of MASTER_SSL_CIPHER string is 511 characters.

MASTER_SSL_VERIFY_SERVER_CERT
-----------------------------

The MASTER_SSL_VERIFY_SERVER_CERT option for CHANGE MASTER enables server certificate verification. This option is disabled by default prior to MariaDB 11.3.0, and enabled by default from MariaDB 11.3.0.

For example:

STOP SLAVE;
CHANGE MASTER TO
  MASTER_SSL_CERT='/etc/my.cnf.d/certificates/server-cert.pem',
  MASTER_SSL_KEY='/etc/my.cnf.d/certificates/server-key.pem',
  MASTER_SSL_CA='/etc/my.cnf.d/certificates/ca.pem',
  MASTER_SSL_VERIFY_SERVER_CERT=1;
START SLAVE;

See Secure Connections Overview: Server Certificate Verification for more information.

Binary Log Options
------------------

These options are related to the binary log position on the primary.

MASTER_LOG_FILE
---------------

The MASTER_LOG_FILE option for CHANGE MASTER can be used along with MASTER_LOG_POS to specify the coordinates at which the replica's I/O thread should begin reading from the primary's binary logs the next time the thread starts.

For example:

STOP SLAVE;
CHANGE MASTER TO
  MASTER_LOG_FILE='master2-bin.001',
  MASTER_LOG_POS=4;
START SLAVE;

The MASTER_LOG_FILE and MASTER_LOG_POS options cannot be specified if the RELAY_LOG_FILE and RELAY_LOG_POS options were also specified.

The MASTER_LOG_FILE and MASTER_LOG_POS options are effectively ignored if you enable GTID mode for replication by setting the MASTER_USE_GTID option to some value other than no in the statement.
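
The constraints stated in the sections above (absolute paths, the 511-character limit, explicit server certificate verification, and the MASTER_LOG_FILE/MASTER_LOG_POS restrictions) can be checked before a statement reaches a replica. The linter below is an added example, not part of the MariaDB documentation or code base; its function names, the regular-expression parser and the sample statement are assumptions made for illustration, and paths are assumed to be POSIX style.

```python
import posixpath
import re

# Added example with hypothetical helper names; POSIX-style paths are assumed.
PATH_OPTS = {"MASTER_SSL_CRLPATH", "MASTER_SSL_KEY"}   # must be absolute paths
MAX_LEN_OPTS = PATH_OPTS | {"MASTER_SSL_CIPHER"}       # limited to 511 characters
MAX_LEN = 511
OPTION_RE = re.compile(r"(\w+)\s*=\s*('(?:[^'\\]|\\.)*'|[\w.]+)")

def parse_change_master(stmt):
    """Return {OPTION: value} for the first CHANGE MASTER TO statement in stmt."""
    m = re.search(r"CHANGE\s+MASTER\s+(?:'[^']*'\s+)?TO\b([^;]*)", stmt, re.I)
    if not m:
        raise ValueError("not a CHANGE MASTER TO statement")
    return {name.upper(): raw[1:-1] if raw.startswith("'") else raw
            for name, raw in OPTION_RE.findall(m.group(1))}

def lint(stmt):
    """Return findings for the rules this page states about these options."""
    o = parse_change_master(stmt)
    findings = []
    for name in sorted(PATH_OPTS & o.keys()):
        if not posixpath.isabs(o[name]):
            findings.append(f"{name}: relative path, absolute path required")
    for name in sorted(MAX_LEN_OPTS & o.keys()):
        if len(o[name]) > MAX_LEN:
            findings.append(f"{name}: longer than {MAX_LEN} characters")
    # Verification is off by default before MariaDB 11.3.0, so require it explicitly.
    if any(k.startswith("MASTER_SSL") for k in o) and \
            o.get("MASTER_SSL_VERIFY_SERVER_CERT") != "1":
        findings.append("MASTER_SSL_VERIFY_SERVER_CERT: not set to 1")
    master_pos = {"MASTER_LOG_FILE", "MASTER_LOG_POS"} & o.keys()
    if master_pos and {"RELAY_LOG_FILE", "RELAY_LOG_POS"} & o.keys():
        findings.append("MASTER_LOG_* and RELAY_LOG_* coordinates given together")
    if master_pos and o.get("MASTER_USE_GTID", "no").lower() != "no":
        findings.append("MASTER_LOG_*: ignored because MASTER_USE_GTID is not no")
    return findings

# Constructed sample statement, not taken from a real server.
SAMPLE = """CHANGE MASTER TO
  MASTER_SSL_KEY='certificates/server-key.pem',
  MASTER_SSL_CRLPATH='/etc/my.cnf.d/certificates/crl/',
  MASTER_LOG_FILE='master2-bin.001', MASTER_LOG_POS=4,
  MASTER_USE_GTID=slave_pos;"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```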

MASTER_LOG_POS
--------------

The MASTER_LOG_POS option for CHANGE MASTER can be used along with MASTER_LOG_FILE to specify the coordinates at which the replica's I/O