By default, Cloud SQL allows unencrypted connections from authorized networks. This allows traffic to be intercepted, possibly leading to a data breach. To avoid this, Cloud SQL can be configured to use SSL and, optionally, to block all non-SSL traffic. Managing Cloud SQL SSL requires the Cloud SQL Admin permission or greater. To disable unencrypted traffic from authorized networks, go to the SSL tab and click Allow only SSL Connections, or use the following command:
gcloud sql instances patch <INSTANCE> --require-ssl
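To find which instances still accept unencrypted connections before enforcing the setting, the following added example (not part of the original page) audits the JSON printed by `gcloud sql instances list --format=json`. It assumes the `settings.ipConfiguration.requireSsl` and `authorizedNetworks` fields of the Cloud SQL Admin API instance resource; the sample data, the function names and the severity labels are constructed for this illustration.

```python
import json

# Constructed sample shaped like `gcloud sql instances list --format=json`
# output (instance names and networks are made up for illustration).
SAMPLE = """
[
  {"name": "orders-db", "settings": {"ipConfiguration": {
      "requireSsl": true,
      "authorizedNetworks": [{"name": "office", "value": "203.0.113.0/24"}]}}},
  {"name": "legacy-db", "settings": {"ipConfiguration": {
      "authorizedNetworks": [{"name": "any", "value": "0.0.0.0/0"}]}}},
  {"name": "reports-db", "settings": {"ipConfiguration": {
      "requireSsl": false,
      "authorizedNetworks": [{"name": "vpn", "value": "198.51.100.7/32"}]}}},
  {"name": "private-db", "settings": {"ipConfiguration": {
      "requireSsl": false, "authorizedNetworks": []}}}
]
"""

def audit(instances):
    """Return (name, severity, networks) for instances that accept plaintext."""
    findings = []
    for inst in instances:
        ip_cfg = inst.get("settings", {}).get("ipConfiguration", {})
        # A missing requireSsl key means the default: unencrypted is allowed.
        if ip_cfg.get("requireSsl") is True:
            continue
        nets = [n.get("value", "") for n in ip_cfg.get("authorizedNetworks", [])]
        if not nets:
            severity = "low"       # no authorized networks listed
        elif "0.0.0.0/0" in nets:
            severity = "critical"  # plaintext accepted from any IPv4 address
        else:
            severity = "high"      # plaintext accepted from specific networks
        findings.append((inst.get("name", "<unnamed>"), severity, nets))
    order = {"critical": 0, "high": 1, "low": 2}
    return sorted(findings, key=lambda f: order[f[1]])

def remediation(findings):
    """Build the patch command shown above for every flagged instance."""
    return [f"gcloud sql instances patch {name} --require-ssl"
            for name, _, _ in findings]

if __name__ == "__main__":
    results = audit(json.loads(SAMPLE))
    for name, sev, nets in results:
        print(f"{sev:8} {name:12} {', '.join(nets) or '-'}")
    print("\n".join(remediation(results)))
```

Review the generated commands before running them, since enforcing SSL disconnects any client that is not yet configured for it.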
Before using SSL, developers must download the Cloud SQL server's CA certificate, use it to generate a client certificate, and upload that client certificate to Cloud SQL. Cloud SQL supports ...