Support for Redis native TLS

Problem

I couldn't find an existing issue about this so asking here: Redis 6 (currently in rc phase) supports TLS natively. Details here: https://redis.io/topics/encryption I built Redis 6 with TLS support and created certs as instructed in Redis `TLS.md` file. I then tried to connect to it using ioredis: [code block] Should this work? My redis instance responds `17266:M 12 Mar 2020 15:12:14.455 Error accepting a client connection: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol`

Error Output

`Error accepting a client connection: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol`

Enable Redis TLS Support in ioredis Configuration

Medium Risk

The error 'unknown protocol' indicates that the client (ioredis) is attempting to connect to the Redis server without using TLS. This typically occurs when the client is not configured to use TLS, or the Redis server is not properly set up to accept TLS connections. The Redis server must be explicitly configured to listen for TLS connections, and the client must be set to connect using the correct protocol.
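
The mismatch behind this error can be seen in the first bytes a client sends: a TLS listener expects a handshake record, while a client without TLS sends a plaintext Redis command. The sketch below is an added example, not code from the original page, Redis or ioredis; the function names and the sample byte strings are hypothetical and constructed for illustration.

```javascript
// Added example. Byte strings below are constructed samples, not captured traffic.

// TLS record header: content type (1 byte), version (2 bytes), length (2 bytes),
// followed by the handshake message type.
function looksLikeTlsClientHello(buf) {
  if (buf.length < 6) return false;
  const handshakeRecord = buf[0] === 0x16;               // ContentType: handshake
  const tlsVersion = buf[1] === 0x03 && buf[2] <= 0x04;   // record versions 3.0 to 3.4
  const recordLen = buf.readUInt16BE(3);
  const clientHello = buf[5] === 0x01;                   // HandshakeType: client_hello
  return handshakeRecord && tlsVersion && clientHello &&
         recordLen > 0 && recordLen <= 16384;
}

// Redis clients send RESP arrays ("*<n>\r\n...") or inline commands ("PING\r\n").
function looksLikeResp(buf) {
  if (buf.length === 0) return false;
  if (buf[0] === 0x2a) return true;                       // '*' starts a RESP array
  return /^[A-Za-z]+[ \r\n]/.test(buf.toString('latin1', 0, 32));
}

function classifyFirstBytes(buf) {
  if (looksLikeTlsClientHello(buf)) return 'tls';
  if (looksLikeResp(buf)) return 'plaintext-resp';
  return 'unknown';
}

// listenerIsTls: true for the tls-port listener, false for the plain port.
function diagnose(listenerIsTls, firstBytes) {
  const kind = classifyFirstBytes(firstBytes);
  if (kind === 'unknown') return 'unrecognised';
  // This is the case on this page: the server reports "unknown protocol".
  if (listenerIsTls && kind === 'plaintext-resp') return 'plaintext-to-tls-port';
  if (!listenerIsTls && kind === 'tls') return 'tls-to-plaintext-port';
  return 'match';
}

// Constructed samples: a RESP-encoded PING and the start of a TLS ClientHello record.
const SAMPLE_RESP_PING = Buffer.from('*1\r\n$4\r\nPING\r\n', 'latin1');
const SAMPLE_CLIENT_HELLO_START = Buffer.from('16030102000100', 'hex');

console.log(diagnose(true, SAMPLE_RESP_PING));
console.log(diagnose(true, SAMPLE_CLIENT_HELLO_START));
console.log(diagnose(false, SAMPLE_CLIENT_HELLO_START));
```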

  1. Verify Redis Configuration for TLS

    Ensure that your Redis server is configured to accept TLS connections. Check the Redis configuration file (redis.conf) for the following settings: 'tls-port' and 'port'. The 'tls-port' should be set to the port you want to use for TLS connections, and the 'port' should be set to 0 to disable non-TLS connections.

    ```conf
    # Disable the plaintext listener and accept TLS on 6379
    port 0
    tls-port 6379
    # Server certificate, private key and the CA used to verify peers
    tls-cert-file /path/to/your/cert.pem
    tls-key-file /path/to/your/key.pem
    tls-ca-cert-file /path/to/your/ca.pem
    ```
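  2. Update ioredis Connection Options

    Modify your ioredis connection code to enable TLS. You need to specify the 'tls' option in the connection configuration. This tells ioredis to use TLS when connecting to the Redis server.

    ```typescript
    const Redis = require('ioredis');
    const redis = new Redis({
      port: 6379, // Redis TLS port (tls-port in redis.conf)
      host: 'your.redis.server', // Redis host
      // An empty object enables TLS with Node's default trust store. ioredis passes
      // this object to tls.connect(), so a private CA or a client certificate goes
      // here as ca / cert / key.
      tls: {}
    });
    ```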
  3. Test Redis Connection

    After updating the configuration and code, restart your Redis server and run your application to test the connection. Look for any errors in the Redis logs and ensure that your application can connect without issues.

    ```typescript
    redis.on('connect', () => {
      console.log('Connected to Redis with TLS');
    });
    // Handshake and certificate failures are reported through the error event
    redis.on('error', (err) => console.error('Redis connection error:', err.message));
    ```
  4. Verify Certificate Validity

    Ensure that the certificates used for TLS are valid and correctly specified in the Redis configuration. If you encounter issues, check the paths to the certificate files and ensure they have the correct permissions.

    ```bash
    openssl x509 -in /path/to/your/cert.pem -text -noout
    ```

Validation

To confirm the fix worked, check the Redis logs for successful connection messages and ensure that your application can interact with Redis without encountering the 'unknown protocol' error. Additionally, you can use a tool like 'openssl s_client' to test the TLS connection to your Redis server.

Submitted by

Alex Chen

Tags

redis, ioredis, cache, feature, redis-6.0