excluded the outdated example code with ljun0712's confirmation

qiancai · qiancai · commit fa2d4f415228 · 2025-10-29T14:02:37.000+08:00
diff --git a/tidb-cloud/premium/tidb-cloud-tls-connect-to-premium.md b/tidb-cloud/premium/tidb-cloud-tls-connect-to-premium.md
@@ -38,249 +38,6 @@ In the [TiDB Cloud console](https://tidbcloud.com/), you can get examples of dif
 
 5. Choose your preferred connection method, and then refer to the connection string and sample code on the tab to connect to your instance.
 
-The following examples show the connection strings in MySQL, MyCLI, JDBC, Python, Go, and Node.js:
-
-<SimpleTab>
-<div label="MySQL CLI">
-
-MySQL CLI client attempts to establish a TLS connection by default. When you connect to {{{ .premium }}} instances, you need to set `ssl-mode` and `ssl-ca`.
-
-```shell
-mysql --connect-timeout 15 --ssl-mode=VERIFY_IDENTITY --ssl-ca=ca.pem --tls-version="TLSv1.2" -u root -h tidb.eqlfbdgthh8.clusters.staging.tidb-cloud.com -P 4000 -D test -p
-```
-
-Parameter descriptions:
-
-- With `--ssl-mode=VERIFY_IDENTITY`, MySQL CLI client forces to enable TLS and validate {{{ .premium }}} instances.
-- Use `--ssl-ca=<CA_path>` to specify your local path of the downloaded TiDB instance `ca.pem`.
-- Use `--tls-version=TLSv1.2` to restrict the versions of the TLS protocol. If you want to use TLS 1.3, you can set the version to `TLSv1.3`.
-
-</div>
-
-<div label="MyCLI">
-
-[MyCLI](https://www.mycli.net/) automatically enables TLS when using TLS related parameters. When you connect to {{{ .premium }}} instances, you need to set `ssl-ca` and `ssl-verify-server-cert`.
-
-```shell
-mycli --ssl-ca=ca.pem --ssl-verify-server-cert -u root -h tidb.eqlfbdgthh8.clusters.staging.tidb-cloud.com -P 4000 -D test
-```
-
-Parameter descriptions:
-
-- Use `--ssl-ca=<CA_path>` to specify your local path of the downloaded TiDB instance `ca.pem`.
-- With `--ssl-verify-server-cert` to validate {{{ .premium }}} instances.
-
-</div>
-
-<div label="JDBC">
-
-[MySQL Connector/J](https://dev.mysql.com/doc/connector-j/en/)'s TLS connection configurations are used here as an example.
-
-After downloading the TiDB instance CA certificate, if you want to import it into your operating system, you can use the `keytool -importcert -alias TiDBCACert -file ca.pem -keystore <your_custom_truststore_path> -storepass <your_truststore_password>` command.
-
-```shell
-/* Be sure to replace the parameters in the following connection string. */
-/* version >= 8.0.28 */
-jdbc:mysql://tidb.srgnqxji5bc.clusters.staging.tidb-cloud.com:4000/test?user=root&password=<your_password>&sslMode=VERIFY_IDENTITY&tlsVersions=TLSv1.2&trustCertificateKeyStoreUrl=file:<your_custom_truststore_path>&trustCertificateKeyStorePassword=<your_truststore_password>
-```
-
-You can click **show example usage** to view detailed code examples.
-
-```
-import com.mysql.jdbc.Driver;
-import java.sql.*;
-
-class Main {
-  public static void main(String args[]) throws SQLException, ClassNotFoundException {
-    Class.forName("com.mysql.cj.jdbc.Driver");
-    try {
-      Connection conn = DriverManager.getConnection("jdbc:mysql://tidb.srgnqxji5bc.clusters.staging.tidb-cloud.com:4000/test?user=root&password=<your_password>&sslMode=VERIFY_IDENTITY&tlsVersions=TLSv1.2&trustCertificateKeyStoreUrl=file:<your_custom_truststore_path>&trustCertificateKeyStorePassword=<your_truststore_password>");
-      Statement stmt = conn.createStatement();
-      try {
-        ResultSet rs = stmt.executeQuery("SELECT DATABASE();");
-        if (rs.next()) {
-          System.out.println("using db:" + rs.getString(1));
-        }
-      } catch (Exception e) {
-        System.out.println("exec error:" + e);
-      }
-    } catch (Exception e) {
-      System.out.println("connect error:" + e);
-    }
-  }
-}
-```
-
-Parameter descriptions:
-
-- Set `sslMode=VERIFY_IDENTITY` to enable TLS and validate {{{ .premium }}} instances.
-- Set `enabledTLSProtocols=TLSv1.2` to restrict the versions of the TLS protocol. If you want to use TLS 1.3, you can set the version to `TLSv1.3`.
-- Set `trustCertificateKeyStoreUrl` to your custom truststore path.
-- Set `trustCertificateKeyStorePassword` to your truststore password.
-
-</div>
-
-<div label="Python">
-
-[mysqlclient](https://pypi.org/project/mysqlclient/)'s TLS connection configurations are used here as an example.
-
-```
-host="tidb.srgnqxji5bc.clusters.staging.tidb-cloud.com", user="root", password="<your_password>", port=4000, database="test", ssl_mode="VERIFY_IDENTITY", ssl={"ca": "ca.pem"}
-```
-
-You can click **show example usage** to view detailed code examples.
-
-```
-import MySQLdb
-
-connection = MySQLdb.connect(host="tidb.srgnqxji5bc.clusters.staging.tidb-cloud.com", port=4000, user="root", password="<your_password>", database="test", ssl_mode="VERIFY_IDENTITY", ssl={"ca": "ca.pem"})
-
-with connection:
-    with connection.cursor() as cursor:
-        cursor.execute("SELECT DATABASE();")
-        m = cursor.fetchone()
-        print(m[0])
-```
-
-Parameter descriptions:
-
-- Set `ssl_mode="VERIFY_IDENTITY"` to enable TLS and validate {{{ .premium }}} instances.
-- Use `ssl={"ca": "<CA_path>"}` to specify your local path of the downloaded TiDB instance `ca.pem`.
-
-</div>
-
-<div label="Go">
-
-[Go-MySQL-Driver](https://github.com/go-sql-driver/mysql)'s TLS connection configurations are used here as an example.
-
-```
-rootCertPool := x509.NewCertPool()
-pem, err := ioutil.ReadFile("ca.pem")
-if err != nil {
-    log.Fatal(err)
-}
-if ok := rootCertPool.AppendCertsFromPEM(pem); !ok {
-    log.Fatal("Failed to append PEM.")
-}
-mysql.RegisterTLSConfig("tidb", &tls.Config{
-    RootCAs:    rootCertPool,
-    MinVersion: tls.VersionTLS12,
-    ServerName: "tidb.srgnqxji5bc.clusters.staging.tidb-cloud.com",
-})
-
-db, err := sql.Open("mysql", "root:<your_password>@tcp(tidb.srgnqxji5bc.clusters.staging.tidb-cloud.com:4000)/test?tls=tidb")
-```
-
-You can click **show example usage** to view detailed code examples.
-
-```
-package main
-import (
-  "crypto/tls"
-  "crypto/x509"
-  "database/sql"
-  "fmt"
-  "io/ioutil"
-  "log"
-
-  "github.com/go-sql-driver/mysql"
-)
-func main() {
-  rootCertPool := x509.NewCertPool()
-  pem, err := ioutil.ReadFile("ca.pem")
-  if err != nil {
-    log.Fatal(err)
-  }
-  if ok := rootCertPool.AppendCertsFromPEM(pem); !ok {
-    log.Fatal("Failed to append PEM.")
-  }
-  mysql.RegisterTLSConfig("tidb", &tls.Config{
-    RootCAs:    rootCertPool,
-    MinVersion: tls.VersionTLS12,
-    ServerName: "tidb.srgnqxji5bc.clusters.staging.tidb-cloud.com",
-  })
-  db, err := sql.Open("mysql", "root:<your_password>@tcp(tidb.srgnqxji5bc.clusters.staging.tidb-cloud.com:4000)/test?tls=tidb")
-  if err != nil {
-    log.Fatal("failed to connect database", err)
-  }
-  defer db.Close()
-
-  var dbName string
-  err = db.QueryRow("SELECT DATABASE();").Scan(&dbName)
-  if err != nil {
-    log.Fatal("failed to execute query", err)
-  }
-  fmt.Println(dbName)
-}
-```
-
-Parameter descriptions:
-
-- Register `tls.Config` in the TLS connection configuration to enable TLS and validate {{{ .premium }}} instances.
-- Set `MinVersion: tls.VersionTLS12` to restrict the versions of TLS protocol.
-- Set `ServerName: "<host>"` to verify {{{ .premium }}}'s hostname.
-- If you do not want to register a new TLS configuration, you can just set `tls=true` in the connection string.
-
-</div>
-
-<div label="Node.js">
-
-[Mysql2](https://www.npmjs.com/package/mysql2)'s TLS connection configurations are used here as an example.
-
-```
-var connection = mysql.createConnection({
-  host: 'tidb.srgnqxji5bc.clusters.staging.tidb-cloud.com',
-  port: 4000,
-  user: 'root',
-  password: '<your_password>',
-  database: 'test',
-  ssl: {
-    ca: fs.readFileSync('ca.pem'),
-    minVersion: 'TLSv1.2',
-    rejectUnauthorized: true
-  }
-});
-```
-
-You can click **show example usage** to view detailed code examples.
-
-```
-var mysql = require('mysql2');
-var fs = require('fs');
-var connection = mysql.createConnection({
-  host: 'tidb.srgnqxji5bc.clusters.staging.tidb-cloud.com',
-  port: 4000,
-  user: 'root',
-  password: '<your_password>',
-  database: 'test',
-  ssl: {
-    ca: fs.readFileSync('ca.pem'),
-    minVersion: 'TLSv1.2',
-    rejectUnauthorized: true
-  }
-});
-connection.connect(function(err) {
-  if (err) {
-    throw err
-  }
-  connection.query('SELECT DATABASE();', function(err, rows) {
-    if (err) {
-      throw err
-    }
-    console.log(rows[0]['DATABASE()']);
-    connection.end()
-  });
-});
-```
-
-Parameter descriptions:
-
-- Set `ssl: {minVersion: 'TLSv1.2'}` to restrict the versions of the TLS protocol. If you want to use TLS 1.3, you can set the version to `TLSv1.3`.
-- Set `ssl: {ca: fs.readFileSync('<CA_path>')}` to read your local CA path of the downloaded TiDB instance `ca.pem`.
-
-</div>
-</SimpleTab>
-
 ## Manage root certificates for {{{ .premium }}}
 
 {{{ .premium }}} uses certificates from [AWS Private Certificate Authority](https://aws.amazon.com/private-ca/) as a Certificate Authority (CA) for TLS connections between clients and {{{ .premium }}} instances. Usually, the private key of the CA certificate is stored securely in AWS-managed hardware security modules (HSMs) that meet [FIPS 140-2 Level 3](https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/3139) security standards.
