Add Jedis SSL support for redis cache communication #50
Comments
|
@nynymike let me know if we need it in 3.1.1 |
tecoholic
changed the title
|
Presently oxAuth via Jedis, communicates in plain TCP with redis cache. In order to secure the communication, use the SSL support available in Jedis and send the data to redis via SSL. |
tecoholic
changed the title
|
If Jedis can send communications via SSL to redis, and redis has no SSL capabilities out of the box, how would this be implemented? Does it store the data encrypted? |
|
@afroDC then it will not work I guess. Redis must have SSL configured. SSL is transport, it has nothing to do with data storage. |
|
I'm curious as to what Jedis SSL is even for. |
|
@afroDC It's for secure connection. Please check redis docs. It clearly suggest to use proxy for SSL, see here |
|
Right, we're using stunnel for our cluster manager application to handle all over the internet communications. I suppose you would only need to install an stunnel client on 1 end, vs both ends if we used Jedis SSL. |
|
We already looked at these options and decided to use stunnel. |
|
Right, with this SSL support stunnel would be required only on one end. Anyway, if I got @nynymike it's not priority because we have solution, unscheduled it from 3.1.2 milestone and put it for future. We can schedule it at any time if required. |
|
As requested by @afroDC I've added two more parameters to RedisConfiguraiton class
|
|
Is it implemented? |
|
It is partly done. Main use case is cluster connection. Jedis does not support SSL with cluster however there is PR here. So in future with next version of jedis that contains that PR we should be able to finish it. For now we stick to stunnel. |
|
PR is merged into jedis master but it's not released yet in latest official https://github.com/xetorthio/jedis/blob/3.0/src/main/java/redis/clients/jedis/JedisCluster.java Moved ticket to 4.1. |
No description provided.
The text was updated successfully, but these errors were encountered: