SSL Connection Examples

Connecting to a Redis instance via SSL.

[5]:
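import redis

# ssl_cert_reqs="none" turns off server certificate verification: the
# connection is encrypted, but the server's identity is not checked.
ssl_connection = redis.Redis(host='localhost', port=6666, ssl=True, ssl_cert_reqs="none")
ssl_connection.ping()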
[5]:
True

Connecting to a Redis instance via a URL string

[ ]:
import redis

# TLS is selected by the rediss:// scheme; a redis:// URL connects in plaintext.
url_connection = redis.from_url("rediss://localhost:6379?ssl_cert_reqs=none&decode_responses=True&health_check_interval=2")
url_connection.ping()

Connecting to a Redis instance via SSL, while specifying a self-signed SSL certificate.

[6]:
import redis

ssl_certfile = "some-certificate.pem"
ssl_keyfile = "some-key.pem"
# Self-signed: the certificate is its own trust anchor, so it doubles as the CA file.
ssl_ca_certs = ssl_certfile

ssl_cert_conn = redis.Redis(
    host="localhost",
    port=6666,
    ssl=True,
    ssl_certfile=ssl_certfile,
    ssl_keyfile=ssl_keyfile,
    ssl_cert_reqs="required",
    ssl_ca_certs=ssl_ca_certs,
)
ssl_cert_conn.ping()
[6]:
True

Connecting to a Redis instance via SSL and validating the OCSP status of the certificate

The redis package is designed to be small, so the extra libraries needed to support OCSP stapling must be installed separately. As a result, first install redis via:

pip install redis[ocsp]

This will install cryptography, requests, and PyOpenSSL, none of which are generally required to use Redis.

[ ]:
import redis

ssl_certfile="some-certificate.pem"
ssl_keyfile="some-key.pem"
ssl_ca_certs=ssl_certfile

ssl_cert_conn = redis.Redis(
    host="localhost",
    port=6666,
    ssl=True,
    ssl_certfile=ssl_certfile,
    ssl_keyfile=ssl_keyfile,
    ssl_cert_reqs="required",
    ssl_validate_ocsp=True
)
ssl_cert_conn.ping()
True

Connect via SSL, validate OCSP-stapled certificates

The redis package is designed to be small, so the extra libraries needed to support OCSP stapling must be installed separately. As a result, first install redis via:

pip install redis[ocsp]

This will install cryptography, requests, and PyOpenSSL, none of which are generally required to use Redis.

Using a custom SSL context and validating against an expected certificate

[ ]:
import redis
import OpenSSL

ssl_certfile="some-certificate.pem"
ssl_keyfile="some-key.pem"
ssl_ca_certs=ssl_certfile
ssl_expected_certificate = "expected-ocsp-certificate.pem"

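# PyOpenSSL is used only for the purpose of validating the OCSP
# stapled response
ctx = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)
# These are methods: call them to load the files into the context.
ctx.use_certificate_file(ssl_certfile)
ctx.use_privatekey_file(ssl_keyfile)
# PEM bytes of the certificate the server is expected to present
with open(ssl_expected_certificate, 'rb') as f:
    expected_certificate = f.read()

ssl_cert_conn = redis.Redis(
    host="localhost",
    port=6666,
    ssl=True,
    ssl_certfile=ssl_certfile,
    ssl_keyfile=ssl_keyfile,
    ssl_cert_reqs="required",
    # The context and expected certificate are only consulted when
    # stapled validation is switched on.
    ssl_validate_ocsp_stapled=True,
    ssl_ocsp_context=ctx,
    ssl_ocsp_expected_cert=expected_certificate,
)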
ssl_cert_conn.ping()
True

Naive validation of a stapled OCSP certificate

[ ]:
import redis
import OpenSSL

ssl_certfile="some-certificate.pem"
ssl_keyfile="some-key.pem"
ssl_ca_certs=ssl_certfile
ssl_expected_certificate = "expected-ocsp-certificate.pem"

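# PyOpenSSL is used only for the purpose of validating the OCSP
# stapled response. Note that this context is not passed to
# redis.Redis below.
ctx = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)
# These are methods: call them to load the files into the context.
ctx.use_certificate_file(ssl_certfile)
ctx.use_privatekey_file(ssl_keyfile)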

ssl_cert_conn = redis.Redis(
    host="localhost",
    port=6666,
    ssl=True,
    ssl_certfile=ssl_certfile,
    ssl_keyfile=ssl_keyfile,
    ssl_cert_reqs="required",
    ssl_validate_ocsp_stapled=True,
)
ssl_cert_conn.ping()
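
A pre-flight check over the TLS options used in the cells above, written as an added example that is not part of redis-py or its documentation. The function names, the finding strings and the sample inputs are constructed for illustration; it uses only the standard library and never opens a connection.

```python
from urllib.parse import parse_qs, urlsplit


def options_from_url(url):
    """Flatten a redis:// or rediss:// URL into keyword-style options."""
    parts = urlsplit(url)
    opts = {key: values[-1] for key, values in parse_qs(parts.query).items()}
    opts["ssl"] = parts.scheme == "rediss"  # only rediss:// selects TLS
    return opts


def _on(value):
    # Accept real booleans (kwargs) and their string forms (URL query values).
    return value is True or str(value).lower() in ("true", "1", "yes")


def audit_tls_options(opts):
    """Return a list of findings for the ssl_* options shown on this page."""
    if not _on(opts.get("ssl", False)):
        findings = ["plaintext: TLS is not enabled"]
        ignored = sorted(k for k in opts if k.startswith("ssl_"))
        if ignored:
            findings.append("ssl_* options without TLS: " + ", ".join(ignored))
        return findings
    findings = []
    if str(opts.get("ssl_cert_reqs", "")).lower() == "none":
        findings.append("ssl_cert_reqs=none: server certificate is not verified")
    stapled = _on(opts.get("ssl_validate_ocsp_stapled", False))
    # Assumption of this check: the stapling inputs only matter when stapled
    # validation itself is switched on.
    unused = sorted(k for k in ("ssl_ocsp_context", "ssl_ocsp_expected_cert") if k in opts)
    if unused and not stapled:
        findings.append("stapling inputs but stapled validation off: " + ", ".join(unused))
    return findings


# Constructed sample inputs (hypothetical hosts and file names).
URL_PLAINTEXT = "redis://localhost:6379?ssl_cert_reqs=none&decode_responses=True"
URL_UNVERIFIED = "rediss://localhost:6666?ssl_cert_reqs=none"
KWARGS_VERIFIED = {"ssl": True, "ssl_cert_reqs": "required",
                   "ssl_ca_certs": "some-certificate.pem",
                   "ssl_validate_ocsp_stapled": True}
KWARGS_STAPLE_OFF = {"ssl": True, "ssl_cert_reqs": "required",
                     "ssl_ocsp_expected_cert": b"-----BEGIN CERTIFICATE-----"}

if __name__ == "__main__":
    for opts in (options_from_url(URL_PLAINTEXT), options_from_url(URL_UNVERIFIED),
                 KWARGS_VERIFIED, KWARGS_STAPLE_OFF):
        print(audit_tls_options(opts) or "no findings")
```

Running it over connection settings in CI or at service start-up catches a URL or keyword set that silently drops TLS or certificate verification before any client is created.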