SSL Connection Examples
Connecting to a Redis instance via SSL.
[5]:
import redis

# ssl_cert_reqs="none" encrypts the connection but does not verify the
# server's certificate.
ssl_connection = redis.Redis(host='localhost', port=6666, ssl=True, ssl_cert_reqs="none")
ssl_connection.ping()
[5]:
True
Connecting to a Redis instance via a URL string
[ ]:
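import redis

# The rediss:// scheme selects TLS; a redis:// URL connects in plain text,
# whatever ssl_* options appear in the query string.
url_connection = redis.from_url("rediss://localhost:6379?ssl_cert_reqs=none&decode_responses=True&health_check_interval=2")
url_connection.ping()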
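The following check is an added example, not part of the redis-py documentation: it audits a connection URL for the two weaknesses that are easy to miss in the URL form, a plaintext `redis://` scheme and `ssl_cert_reqs=none`. The function name `audit_redis_url`, the finding codes and the sample URLs are constructed for illustration; only the standard library is used.

```python
from urllib.parse import parse_qs, urlparse


def audit_redis_url(url):
    """Return (code, detail) findings about the TLS settings in a Redis URL."""
    parsed = urlparse(url)
    # First value wins when a parameter is repeated.
    query = {k: v[0] for k, v in parse_qs(parsed.query).items()}
    scheme = parsed.scheme

    if scheme == "unix":
        return []  # Unix domain socket: TLS settings do not apply
    if scheme not in ("redis", "rediss"):
        return [("UNKNOWN_SCHEME", scheme)]

    findings = []
    if scheme == "redis":
        findings.append(("NO_TLS", "redis:// is plain TCP; use rediss:// for TLS"))
        ssl_opts = sorted(k for k in query if k.startswith("ssl_"))
        if ssl_opts:
            # ssl_* options in the query string do not switch TLS on
            findings.append(("SSL_OPTS_WITHOUT_TLS", ",".join(ssl_opts)))
        return findings

    # rediss:// from here on: the link is encrypted, so check verification.
    cert_reqs = query.get("ssl_cert_reqs")
    if cert_reqs is not None and cert_reqs.lower() == "none":
        findings.append(("CERT_NOT_VERIFIED", "ssl_cert_reqs=" + cert_reqs))
    return findings


# Constructed sample URLs (hosts, ports and file names are placeholders).
SAMPLES = [
    "redis://localhost:6379?ssl_cert_reqs=none&decode_responses=True",
    "rediss://localhost:6666?ssl_cert_reqs=none",
    "rediss://localhost:6666?ssl_cert_reqs=required&ssl_ca_certs=ca.pem",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        codes = [code for code, _ in audit_redis_url(sample)]
        print(sample, "->", codes or "ok")
```

Run over configuration files or environment variables in CI, a non-empty result marks a URL to review before deployment.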
Connecting to a Redis instance via SSL, while specifying a self-signed SSL certificate.
[6]:
import os
import redis

ssl_certfile = "some-certificate.pem"
ssl_keyfile = "some-key.pem"
# The self-signed certificate doubles as its own CA bundle.
ssl_ca_certs = ssl_certfile

ssl_cert_conn = redis.Redis(
    host="localhost",
    port=6666,
    ssl=True,
    ssl_certfile=ssl_certfile,
    ssl_keyfile=ssl_keyfile,
    ssl_cert_reqs="required",
    ssl_ca_certs=ssl_ca_certs,
)
ssl_cert_conn.ping()
[6]:
True
Connecting to a Redis instance via SSL, and validating the OCSP status of the certificate
The redis package is designed to be small, so extra libraries must be installed to support OCSP stapling. As a result, first install redis via:
pip install redis[ocsp]
This will install cryptography, requests, and PyOpenSSL, none of which are generally required to use Redis.
[ ]:
import os
import redis

ssl_certfile = "some-certificate.pem"
ssl_keyfile = "some-key.pem"
ssl_ca_certs = ssl_certfile

ssl_cert_conn = redis.Redis(
    host="localhost",
    port=6666,
    ssl=True,
    ssl_certfile=ssl_certfile,
    ssl_keyfile=ssl_keyfile,
    ssl_cert_reqs="required",
    ssl_validate_ocsp=True,
)
ssl_cert_conn.ping()
True
Connect via SSL, validate OCSP-stapled certificates
The redis package is designed to be small, so extra libraries must be installed to support OCSP stapling. As a result, first install redis via:
pip install redis[ocsp]
This will install cryptography, requests, and PyOpenSSL, none of which are generally required to use Redis.
Using a custom SSL context and validating against an expected certificate
[ ]:
import redis
import OpenSSL

ssl_certfile = "some-certificate.pem"
ssl_keyfile = "some-key.pem"
ssl_ca_certs = ssl_certfile
ssl_expected_certificate = "expected-ocsp-certificate.pem"

# PyOpenSSL is used only for the purpose of validating the OCSP
# stapled response
ctx = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)
# These are methods: call them so the certificate and key are actually loaded.
ctx.use_certificate_file(ssl_certfile)
ctx.use_privatekey_file(ssl_keyfile)

# Read the certificate the stapled response is expected to match.
with open(ssl_expected_certificate, 'rb') as f:
    expected_certificate = f.read()

ssl_cert_conn = redis.Redis(
    host="localhost",
    port=6666,
    ssl=True,
    ssl_certfile=ssl_certfile,
    ssl_keyfile=ssl_keyfile,
    ssl_cert_reqs="required",
    ssl_ocsp_context=ctx,
    ssl_ocsp_expected_cert=expected_certificate,
)
ssl_cert_conn.ping()
True
Naive validation of a stapled OCSP certificate
[ ]:
import redis
import OpenSSL

ssl_certfile = "some-certificate.pem"
ssl_keyfile = "some-key.pem"
ssl_ca_certs = ssl_certfile
ssl_expected_certificate = "expected-ocsp-certificate.pem"

# PyOpenSSL is used only for the purpose of validating the OCSP
# stapled response
ctx = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)
# These are methods: call them so the certificate and key are actually loaded.
ctx.use_certificate_file(ssl_certfile)
ctx.use_privatekey_file(ssl_keyfile)

ssl_cert_conn = redis.Redis(
    host="localhost",
    port=6666,
    ssl=True,
    ssl_certfile=ssl_certfile,
    ssl_keyfile=ssl_keyfile,
    ssl_cert_reqs="required",
    ssl_validate_ocsp_stapled=True,
)
ssl_cert_conn.ping()