Support for Redis native TLS


I couldn’t find an existing issue about this so asking here:

Redis 6 (currently in rc phase) supports TLS natively. Details here: https://redis.io/topics/encryption

I built Redis 6 with TLS support and created certs as instructed in Redis TLS.md file. I then tried to connect to it using ioredis:

{
  host: 'localhost',
  tls: {
    key: fs.readFileSync('/Users/ilkkao/redis-6.0-rc2/tests/tls/redis.crt'),
    cert: fs.readFileSync('/Users/ilkkao/redis-6.0-rc2/tests/tls/redis.key'),
    ca: [fs.readFileSync('/Users/ilkkao/redis-6.0-rc2/tests/tls/ca.crt')],
    checkServerIdentity: () => { return null; },
  }
}

Should this work? My redis instance responds

17266:M 12 Mar 2020 15:12:14.455 # Error accepting a client connection: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Reactions: 1
  • Comments: 16 (6 by maintainers)

Top GitHub Comments

1 reaction
GertSallaerts commented, Dec 27, 2021

I’ve contacted Redis Cloud support about this as we are seeing the same issue on our servers, will keep you guys updated as well.

1 reaction
manast commented, Dec 9, 2021

I am currently struggling with this. In redis.com it is possible to configure TLS without requiring client keys, just the CA authority .pem file, so this works using the cli for example (using the “redis fixed certificate” that you can download from your account page):

redis-cli -h redis-xxx.cloud.redislabs.com -p 16261 --tls  --cacert redislabs_ca.pem

Whereas this does not work

const redis = new Redis({
    host: 'hostname',
    port: <port>,
    tls: {
        ca: [ fs.readFileSync('path_to_ca_certfile', 'ascii') ]
    }
});

Gives the following error:

 Error: Connection is closed.
        at close (/Users/manuelastudillo/Dev/taskforce/taskforce-backend/node_modules/ioredis/built/redis/event_handler.js:183:25)
        at TLSSocket.<anonymous> (/Users/manuelastudillo/Dev/taskforce/taskforce-backend/node_modules/ioredis/built/redis/event_handler.js:150:20)
        at Object.onceWrapper (events.js:417:26)
        at TLSSocket.emit (events.js:322:22)
        at net.js:672:12
        at TCP.done (_tls_wrap.js:557:7)

Interestingly in the official Redis documentation they only refer to an example using client certificates too: https://docs.redis.com/latest/rs/references/client_references/client_ioredis/

const Redis = require('ioredis');
const fs = require('fs');

const redis = new Redis({
    host: 'hostname',
    port: <port>,
    tls: {
        key: fs.readFileSync('path_to_keyfile', 'ascii'),
        cert: fs.readFileSync('path_to_certfile', 'ascii'),
        ca: [ fs.readFileSync('path_to_ca_certfile', 'ascii') ]
    }
});

Any ideas?
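
An added example, not part of the issue thread or of ioredis: a small pre-flight lint for a `tls` options object like the ones posted above. It flags PEM material in the wrong slot (the first post reads redis.crt into `key` and redis.key into `cert`) and settings that turn off server verification. The function names, finding labels and PEM stubs are constructed for this illustration.

```javascript
'use strict';
// Added example: names and finding labels below are hypothetical, not ioredis API.

// Classify a PEM blob by its armor line.
function pemKind(pem) {
  const text = Buffer.isBuffer(pem) ? pem.toString('ascii') : String(pem);
  const m = /-----BEGIN ([A-Z0-9 ]+)-----/.exec(text);
  if (!m) return 'unknown';
  if (m[1] === 'CERTIFICATE') return 'certificate';
  return m[1].endsWith('PRIVATE KEY') ? 'private-key' : 'unknown';
}

// Return a list of findings for a Node/ioredis-style `tls` options object.
function lintTlsOptions(tls) {
  if (!tls || typeof tls !== 'object') return ['tls-not-configured'];
  const findings = [];
  const hasKey = tls.key !== undefined;
  const hasCert = tls.cert !== undefined;
  if (hasKey && pemKind(tls.key) !== 'private-key') findings.push('key-is-not-a-private-key');
  if (hasCert && pemKind(tls.cert) !== 'certificate') findings.push('cert-is-not-a-certificate');
  if (hasKey !== hasCert) findings.push('client-auth-needs-both-key-and-cert');
  const cas = tls.ca === undefined ? [] : [].concat(tls.ca);
  if (cas.some((ca) => pemKind(ca) !== 'certificate')) findings.push('ca-is-not-a-certificate');
  // Either of these leaves the connection encrypted but the server unauthenticated.
  if (tls.rejectUnauthorized === false) findings.push('chain-verification-disabled');
  if (typeof tls.checkServerIdentity === 'function') findings.push('hostname-check-overridden');
  return findings;
}

// Constructed PEM stubs: only the armor lines matter here, the bodies are not real keys.
const SAMPLE_CERT = '-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n';
const SAMPLE_KEY = '-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n';

// Same shape as the first post: certificate in `key`, key in `cert`, identity check stubbed.
const swapped = {
  key: Buffer.from(SAMPLE_CERT),
  cert: Buffer.from(SAMPLE_KEY),
  ca: [Buffer.from(SAMPLE_CERT)],
  checkServerIdentity: () => null,
};
// CA-only shape from the second post: server authentication without a client certificate.
const caOnly = { ca: [SAMPLE_CERT] };

console.log(lintTlsOptions(swapped));
console.log(lintTlsOptions(caOnly));
```

An empty result only means the options are well-formed; it does not show that the server's certificate chains to the supplied CA or that the port is the TLS listener.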
