Skip to content

Support Lettuce SSL/TLS Verification Modes #2899

New issue
New issue
Closed
Closed
Support Lettuce SSL/TLS Verification Modes#2899
Labels
type: enhancementA general enhancement
Milestone
 
3.4 M1 (2024.1.0)
@philsttr

Description

@philsttr
philsttr
opened on Apr 21, 2024

Lettuce 6.1.0.RELEASE added support for three SSL/TLS verification modes (SslVerifyMode):

  • NONE (corresponds with setVerifyPeer(false))
  • CA (only verifies the CA and cert, without verifying the hostname matches)
  • FULL (corresponds with setVerifyPeer(true))

The new CA mode is most helpful for cluster mode, where the seed connection is made via hostname (and thus matches hostnames in the certificate), but then cluster node connections are made by IP address (which typically do not appear in SubjectAltNames of the certificate, particularly for redis instances from cloud providers).

Currently, Spring Data Redis only supports setVerifyPeer(boolean). I would like Spring Data Redis to support the three verification modes that Lettuce >= 6.1 now supports.

Activity

spring-projects-issues
added
status: waiting-for-triageAn issue we've not yet triaged
on Apr 21, 2024
mp911de
added
type: enhancementA general enhancement
and removed
status: waiting-for-triageAn issue we've not yet triaged
on Apr 22, 2024
philsttr

philsttr commented on Apr 22, 2024

@philsttr
philsttr
on Apr 22, 2024
Author

Also somewhat related, I filed redis/lettuce#2837 to request an enhancement to verification modes to better secure connecting to redis in cluster mode from cloud providers.

AnneMayor

AnneMayor commented on May 28, 2024

@AnneMayor
AnneMayor
on May 28, 2024
Contributor

I think this is a good issue to approach for me. I am going to open PR within this weekend :)

AnneMayor

AnneMayor commented on Jun 2, 2024

@AnneMayor
AnneMayor
on Jun 2, 2024 · edited by AnneMayor
Contributor

Since I have to do my work as soon as quickly I am going to open this PR until the end of June. Thanks.

baojian123
mentioned this on Jun 30, 2024
baojian123

baojian123 commented on Jun 30, 2024

@baojian123
baojian123
on Jun 30, 2024
Contributor

Hi @AnneMayor, I have opened a PR on this issue.

AnneMayor

AnneMayor commented on Jun 30, 2024

@AnneMayor
AnneMayor
on Jun 30, 2024
Contributor

Thank, @baojian123 👍

mp911de
added this to the 3.4 M1 (2024.1.0) milestone on Aug 8, 2024
mp911de
closed this as completedin b41547eon Aug 8, 2024
mp911de
added a commit that references this issue on Aug 8, 2024

Polishing.

ba2c9ba
pull
added a commit that references this issue on Aug 11, 2024

Replace Lettuce's verifyPeer with verifyMode.

b41547e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    type: enhancementA general enhancement

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

      Development

      Participants

      @mp911de@philsttr@AnneMayor@baojian123@spring-projects-issues

      Issue actions
        Support Lettuce SSL/TLS Verification Modes · Issue #2899 · spring-projects/spring-data-redis