v.25.8New Feature

Force secure connection for mysql_port and postgresql_port

Published: November 25, 2025

Force secure connection for mysql_port and postgresql_port. #82962 (tiandiwonder).

Force secure connection for mysql_port and postgresql_port.

Why it matters

This feature enhances security by enforcing encrypted connections on MySQL and PostgreSQL protocol ports of ClickHouse, preventing unencrypted data transmission and protecting sensitive information during client-server communication.

How to use it

When this feature is enabled, ClickHouse requires all client connections over mysql_port and postgresql_port to use secure protocols (e.g., SSL/TLS). Users should configure their clients to connect securely. The enforcement is automatic on these ports with no additional configuration needed unless specific certificate setup is required for SSL/TLS.

Related resources

Pull Request #82962