SSL Connection Examples

Connecting to a Redis instance via SSL.

[5]:
import redis

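# ssl_cert_reqs="none" turns off server certificate verification:
# the connection is encrypted, but the server is not authenticated.
ssl_connection = redis.Redis(host='localhost', port=6666, ssl=True, ssl_cert_reqs="none")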
ssl_connection.ping()
[5]:
True

Connecting to a Redis instance via a URL string

[ ]:
import redis
# The rediss:// scheme selects a TLS connection; redis:// is plaintext.
url_connection = redis.from_url("rediss://localhost:6379?ssl_cert_reqs=none&decode_responses=True&health_check_interval=2")
url_connection.ping()
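
A review aid for the URL form shown above, as an added example that is not part of the redis-py documentation: it checks connection URLs for a plaintext scheme, for `ssl_*` options on a non-TLS URL, and for `ssl_cert_reqs=none`. The function names, finding strings and sample URLs are assumptions made for this illustration, and only the standard library is used.

```python
from urllib.parse import parse_qs, urlsplit


def audit_redis_url(url):
    """Return a list of TLS findings for one redis-py connection URL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    query = parse_qs(parts.query)
    ssl_opts = sorted(k for k in query if k.startswith("ssl_"))

    if scheme == "unix":
        return []  # local socket: TLS settings do not apply
    if scheme not in ("redis", "rediss"):
        return [f"unrecognised scheme {parts.scheme!r}"]

    findings = []
    if scheme == "redis":
        findings.append("plaintext: redis:// does not use TLS")
        if ssl_opts:
            # A reviewer may assume TLS is on because ssl_* options are present.
            findings.append("ssl options on a non-TLS URL: " + ", ".join(ssl_opts))
        return findings

    # rediss://: flag the URL if any supplied value turns verification off.
    if any(v.lower() == "none" for v in query.get("ssl_cert_reqs", [])):
        findings.append("ssl_cert_reqs=none: server certificate is not verified")
    return findings


# Constructed sample URLs (hosts, ports and file names are placeholders).
SAMPLE_URLS = [
    "redis://localhost:6379?ssl_cert_reqs=none&decode_responses=True",
    "rediss://localhost:6666?ssl_cert_reqs=none",
    "rediss://localhost:6666?ssl_cert_reqs=required&ssl_ca_certs=ca.pem",
    "unix:///var/run/redis.sock",
]


def audit_all(urls):
    """Map each URL that has findings to its list of findings."""
    return {u: f for u in urls if (f := audit_redis_url(u))}


if __name__ == "__main__":
    for url, findings in audit_all(SAMPLE_URLS).items():
        print(url)
        for finding in findings:
            print("  -", finding)
```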

Connecting to a Redis instance via SSL, while specifying a self-signed SSL certificate.

[6]:
import redis

ssl_certfile = "some-certificate.pem"
ssl_keyfile = "some-key.pem"
# The certificate is self-signed, so it also serves as its own CA bundle.
ssl_ca_certs = ssl_certfile

ssl_cert_conn = redis.Redis(
    host="localhost",
    port=6666,
    ssl=True,
    ssl_certfile=ssl_certfile,
    ssl_keyfile=ssl_keyfile,
    ssl_cert_reqs="required",
    ssl_ca_certs=ssl_ca_certs,
)
ssl_cert_conn.ping()
[6]:
True

Connecting to a Redis instance via SSL, and validating the OCSP status of the certificate

The redis package is designed to be small, so extra libraries must be installed to support OCSP stapling. First install redis via:

pip install redis[ocsp]

This will install cryptography, requests, and PyOpenSSL, none of which are generally required to use Redis.

[ ]:
import redis

ssl_certfile="some-certificate.pem"
ssl_keyfile="some-key.pem"
ssl_ca_certs=ssl_certfile

ssl_cert_conn = redis.Redis(
    host="localhost",
    port=6666,
    ssl=True,
    ssl_certfile=ssl_certfile,
    ssl_keyfile=ssl_keyfile,
    ssl_cert_reqs="required",
    ssl_validate_ocsp=True
)
ssl_cert_conn.ping()
True

Connect via SSL, validate OCSP-stapled certificates

Using a custom SSL context and validating against an expected certificate

[ ]:
import redis
import OpenSSL

ssl_certfile="some-certificate.pem"
ssl_keyfile="some-key.pem"
ssl_ca_certs=ssl_certfile
ssl_expected_certificate = "expected-ocsp-certificate.pem"

# PyOpenSSL is used only for the purpose of validating the ocsp
# stapled response
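ctx = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)
# These are methods: call them so the certificate and key are loaded
# into the context.
ctx.use_certificate_file(ssl_certfile)
ctx.use_privatekey_file(ssl_keyfile)
with open(ssl_expected_certificate, 'rb') as f:
    expected_certificate = f.read()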

ssl_cert_conn = redis.Redis(
    host="localhost",
    port=6666,
    ssl=True,
    ssl_certfile=ssl_certfile,
    ssl_keyfile=ssl_keyfile,
    ssl_cert_reqs="required",
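    # The OCSP context and expected certificate are only consulted
    # when stapled-OCSP validation is switched on.
    ssl_validate_ocsp_stapled=True,
    ssl_ocsp_context=ctx,
    ssl_ocsp_expected_cert=expected_certificate,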
)
ssl_cert_conn.ping()
True

Naive validation of a stapled OCSP certificate

[ ]:
import redis
import OpenSSL

ssl_certfile="some-certificate.pem"
ssl_keyfile="some-key.pem"
ssl_ca_certs=ssl_certfile
ssl_expected_certificate = "expected-ocsp-certificate.pem"

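# PyOpenSSL is used only for the purpose of validating the OCSP
# stapled response. This context is not passed to redis.Redis below;
# when ssl_ocsp_context is omitted, redis-py builds a basic context itself.
ctx = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)
ctx.use_certificate_file(ssl_certfile)
ctx.use_privatekey_file(ssl_keyfile)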

ssl_cert_conn = redis.Redis(
    host="localhost",
    port=6666,
    ssl=True,
    ssl_certfile=ssl_certfile,
    ssl_keyfile=ssl_keyfile,
    ssl_cert_reqs="required",
    ssl_validate_ocsp_stapled=True,
)
ssl_cert_conn.ping()