If the connections between the client and MySQL server are not encrypted, anyone who has access to the network could inspect the data. If the client and server are in different data centers, it is recommended to use encrypted connections. By default, MySQL 8 uses an encrypted connection, but if the encrypted connection fails, it falls back to an unencrypted connection. You can test that by checking the status of the Ssl_cipher variable. If the connection is established by localhost, cipher won't be used:
mysql> SHOW STATUS LIKE 'Ssl_cipher';
+---------------+--------------------+
| Variable_name | Value |
+---------------+--------------------+
| Ssl_cipher | DHE-RSA-AES256-SHA |
+---------------+--------------------+
1 row in set (0.00 sec)
If you are not using SSL, Ssl_cipher will be blank.
You can mandate...