)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"19b3e67697f4e2c3f7fff80a8c122bf7975b00fd","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":2,"id":"f6cab090_1a8be479","updated":"2025-10-17 16:19:04.000000000","message":"Needs more detail in the commit message why is this needed","commit_id":"3f6e23f3df30cb07182fc190f2ecee96e06eb320"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"cb2989dfc8546791c856f87420cd22ace968f17d","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":2,"id":"3885c45f_59f4bd69","updated":"2025-10-17 17:06:13.000000000","message":"mTLS is about Mutual authentication. don\u0027t understand how its related to ProxySQL. agree with Michal, please provide more information.","commit_id":"3f6e23f3df30cb07182fc190f2ecee96e06eb320"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"13eca44d41fce5d8af0f4e8af7baf66c8f6d6daa","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":2,"id":"cc86e5eb_44708b86","in_reply_to":"3885c45f_59f4bd69","updated":"2025-10-20 07:47:06.000000000","message":"With `kolla_enable_tls_backend` set to `true`, ProxySQL is configured with mTLS (as the only service managed by Kolla-Ansible). This implies two things in case of certificates managed outside of Kolla tools:\n- any CA rotation gets much more complex, as CA continuity on both database and proxysql nodes is required for mTLS to work (even during rollout window)\n- user needs to obtain certificate with x509v3ext `client_auth` extension, which based on organisation/company policy may be challenging (usually same cert is used for all internal traffic, so SAN IPs for RabbitMQ are also required)","commit_id":"3f6e23f3df30cb07182fc190f2ecee96e06eb320"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"6bcf48c3de5e635fa42524e8611106a7c97db65c","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":2,"id":"96968b18_80134dc3","in_reply_to":"b648806f_75ad5b1c","updated":"2025-10-20 11:22:22.000000000","message":"LOL\n\n`ssl_p2s` fields are used for backend connections from ProxySQL, so if database endpoint is running with TLS, and ProxySQL uses certificate to authenticate to database, doesn\u0027t make it mTLS? [1] Here sections for backend (ProxySQL -\u003e database) and frontend (end client -\u003e ProxySQL) are described :).\n\n[1] https://proxysql.com/documentation/ssl-support","commit_id":"3f6e23f3df30cb07182fc190f2ecee96e06eb320"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"e0b4eb07d359be9ab74a447c053db0821878da45","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":2,"id":"b648806f_75ad5b1c","in_reply_to":"cc86e5eb_44708b86","updated":"2025-10-20 08:10:51.000000000","message":"TLS !\u003d mTLS\n``The key difference is that TLS (Transport Layer Security) authenticates only the server to the client, while mTLS (mutual TLS) authenticates both the client and the server. TLS is like a server checking a visitor\u0027s ID, while mTLS is like both parties checking each other\u0027s ID before allowing entry. This makes mTLS more secure and is used for applications where both parties\u0027 identities must be verified, such as service-to-service communication or IoT devices.``\nhttps://www.google.com/search?q\u003dmtls+vs+tls","commit_id":"3f6e23f3df30cb07182fc190f2ecee96e06eb320"}]}