Connecting to ElastiCache Redis with TLS enabled (in-transit encryption)

Our Discourse uses a Redis cluster created in Amazon ElastiCache, which allows enabling in-transit encryption (TLS). However, once we enable TLS on ElastiCache, Discourse fails to connect to Redis.

Looks like Discourse doesn’t support this, although the redis-rb client does, as mentioned in the similar issue here: “Redis::ConnectionError: Connection lost (ECONNRESET) when using ElastiCache with TLS enabled” (Issue #771, redis/redis-rb, GitHub)

2 Likes

I’m adding pr-welcome on that. Feel free to submit one @Yevhenii_Baraniuk :wink:

3 Likes

Update: I started implementing this feature but faced the problem that the hiredis driver, which Discourse uses, doesn’t support SSL at the moment (as of Jul 2019), though the redis-rb client does. I’ll come back to the PR once the new version of hiredis, which is going to support SSL, is released :slight_smile:

4 Likes

Since hiredis is long dead thanks to @sam, I created this PR, which adds TLS capabilities to our Redis connections:

https://github.com/discourse/discourse/pull/9119

I’m testing it right now and it works.

4 Likes