For programs that use the MySQL client library (for example, mysql and mysqldump), MySQL
supports connections to the server based on several transport protocols: TCP/IP, Unix socket file,named pipe, and shared memory.
For a given connection, if the transport protocol is not specified explicitly, it is determined implicitly. For
example, connections to localhost result in a socket file connection on Unix and Unix-like systems,
and a TCP/IP connection to 127.0.0.1 otherwise.
To specify the protocol explicitly, use the --protocol command option. The following table shows the
permissible values for --protocol and indicates the applicable platforms for each value. The values
are not case-sensitive.
Protocol Transport Protocol Platforms Remote Connections Secure by default TLS/SSL encryption TCP TCP/IP All YES NO YES SOCKET Unix socket file Unix and Unix-like systems Only Local YES YES PIPE Named pipe Windows Only Local NO NO MEMORY Shared memory Windows Only Local YES NO
Transport Support for Local and Remote Connections:
TCP/IP transport supports connections to local or remote MySQL servers.
Socket-file, named-pipe, and shared-memory transports support connections only to local MySQL
servers. (Named-pipe transport does allow for remote connections, but this capability is not
implemented in MySQL.)
If the transport protocol is not specified explicitly, localhost is interpreted as follows:
• On Unix and Unix-like systems, a connection to localhost results in a socket-file connection.
• Otherwise, a connection to localhost results in a TCP/IP connection to 127.0.0.1.
If the transport protocol is specified explicitly, localhost is interpreted with respect to that protocol.
For example, with --protocol=TCP, a connection to localhost results in a TCP/IP connection to
127.0.0.1 on all platforms.
Encryption and Security Characteristics:
TCP/IP and socket-file transports are subject to TLS/SSL encryption, using the options described in
Command Options for Encrypted Connections. Named-pipe and shared-memory transports are not
subject to TLS/SSL encryption.
A connection is secure by default if made over a transport protocol that is secure by default. Otherwise,
for protocols that are subject to TLS/SSL encryption, a connection may be made secure using
• TCP/IP connections are not secure by default, but can be encrypted to make them secure.
• Socket-file connections are secure by default. They can also be encrypted, but encrypting a socketfile connection makes it no more secure and increases CPU load.
• Named-pipe connections are not secure by default, and are not subject to encryption to make them secure. However, the named_pipe_full_access_group system variable is available to control
which MySQL users are permitted to use named-pipe connections.
• Shared-memory connections are secure by default.
If the require_secure_transport system variable is enabled, the server permits only connections
that use some form of secure transport. Per the preceding remarks, connections that use TCP/
IP encrypted using TLS/SSL, a socket file, or shared memory are secure connections. TCP/IP
connections not encrypted using TLS/SSL and named-pipe connections are not secure.