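SSL Connection Examples
Connecting to a Redis instance via SSL.
[5]:
import redis

# ssl_cert_reqs="none" turns off server certificate verification: the link is
# encrypted, but the server's identity is not checked.
ssl_connection = redis.Redis(host='localhost', port=6666, ssl=True, ssl_cert_reqs="none")
ssl_connection.ping()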
[5]:
True
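Connecting to a Redis instance via a URL string
[ ]:
import redis

# TLS connections use the rediss:// scheme; redis:// is a plaintext connection
# and does not take the ssl_* options.
url_connection = redis.from_url("rediss://localhost:6379?ssl_cert_reqs=none&decode_responses=True&health_check_interval=2")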
url_connection.ping()
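A small check for connection URLs of the form used above, added here as an example (it is not part of redis-py). The function name `audit_redis_url` and the finding labels are assumptions made for this illustration; a missing `ssl_cert_reqs` is treated as `required`, which is the redis-py default for SSL connections.

```python
from urllib.parse import urlparse, parse_qs


def audit_redis_url(url):
    """Return a list of TLS findings for a redis-py connection URL."""
    parts = urlparse(url)
    # Keep the last value when a query key is repeated.
    query = {k: v[-1] for k, v in parse_qs(parts.query).items()}
    findings = []

    if parts.scheme == "unix":
        return findings  # local socket, TLS settings do not apply

    if parts.scheme != "rediss":
        findings.append("no-tls: scheme %r is not rediss://" % parts.scheme)
        # ssl_* options on a non-TLS URL usually mean TLS was intended.
        ssl_keys = sorted(k for k in query if k.startswith("ssl_"))
        if ssl_keys:
            findings.append("ssl-options-without-tls: " + ",".join(ssl_keys))
        return findings

    # rediss:// from here on: TLS is used, check whether the peer is verified.
    reqs = query.get("ssl_cert_reqs", "required").lower()
    if reqs == "none":
        findings.append("no-verify: ssl_cert_reqs=none accepts any server certificate")
    return findings


# Constructed sample inputs, modelled on the URL forms used on this page.
SAMPLES = [
    "redis://localhost:6379?ssl_cert_reqs=none&decode_responses=True",
    "rediss://localhost:6666?ssl_cert_reqs=none",
    "rediss://localhost:6666?ssl_cert_reqs=required&ssl_ca_certs=ca.pem",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", audit_redis_url(sample) or "ok")
```
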
Connecting to a Redis instance using ConnectionPool
[ ]:
import redis
redis_pool = redis.ConnectionPool(host="localhost", port=6666, connection_class=redis.SSLConnection)
ssl_connection = redis.StrictRedis(connection_pool=redis_pool)
ssl_connection.ping()
Connecting to a Redis instance via SSL, while specifying a self-signed SSL certificate.
[6]:
import redis

ssl_certfile = "some-certificate.pem"
ssl_keyfile = "some-key.pem"
# The certificate is self-signed, so it also serves as its own CA bundle.
ssl_ca_certs = ssl_certfile

ssl_cert_conn = redis.Redis(
    host="localhost",
    port=6666,
    ssl=True,
    ssl_certfile=ssl_certfile,
    ssl_keyfile=ssl_keyfile,
    ssl_cert_reqs="required",
    ssl_ca_certs=ssl_ca_certs,
)
ssl_cert_conn.ping()
[6]:
True
Connecting to a Redis instance via SSL, and validating the OCSP status of the certificate
The redis package is designed to be small, so extra libraries must be installed in order to support OCSP stapling. As a result, first install redis via:
pip install redis[ocsp]
This will install cryptography, requests, and PyOpenSSL, none of which are generally required to use Redis.
[ ]:
import redis

ssl_certfile = "some-certificate.pem"
ssl_keyfile = "some-key.pem"
ssl_ca_certs = ssl_certfile

ssl_cert_conn = redis.Redis(
    host="localhost",
    port=6666,
    ssl=True,
    ssl_certfile=ssl_certfile,
    ssl_keyfile=ssl_keyfile,
    ssl_cert_reqs="required",
    ssl_validate_ocsp=True,
)
ssl_cert_conn.ping()
True
Connect via SSL, validate OCSP-stapled certificates
The redis package is designed to be small, so extra libraries must be installed in order to support OCSP stapling. As a result, first install redis via:
pip install redis[ocsp]
This will install cryptography, requests, and PyOpenSSL, none of which are generally required to use Redis.
Using a custom SSL context and validating against an expected certificate
[ ]:
import redis
import OpenSSL

ssl_certfile = "some-certificate.pem"
ssl_keyfile = "some-key.pem"
ssl_ca_certs = ssl_certfile
ssl_expected_certificate = "expected-ocsp-certificate.pem"

# PyOpenSSL is used only for the purpose of validating the OCSP
# stapled response
ctx = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)
# These are methods: call them to load the files into the context.
ctx.use_certificate_file(ssl_certfile)
ctx.use_privatekey_file(ssl_keyfile)

# Read the certificate the stapled response is expected to match.
with open(ssl_expected_certificate, 'rb') as f:
    expected_certificate = f.read()

ssl_cert_conn = redis.Redis(
    host="localhost",
    port=6666,
    ssl=True,
    ssl_certfile=ssl_certfile,
    ssl_keyfile=ssl_keyfile,
    ssl_cert_reqs="required",
    ssl_ocsp_context=ctx,
    ssl_ocsp_expected_cert=expected_certificate,
)
ssl_cert_conn.ping()
True
Naive validation of a stapled OCSP certificate
[ ]:
import redis
import OpenSSL

ssl_certfile = "some-certificate.pem"
ssl_keyfile = "some-key.pem"
ssl_ca_certs = ssl_certfile
ssl_expected_certificate = "expected-ocsp-certificate.pem"

# PyOpenSSL is used only for the purpose of validating the OCSP
# stapled response
ctx = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)
# These are methods: call them to load the files into the context.
ctx.use_certificate_file(ssl_certfile)
ctx.use_privatekey_file(ssl_keyfile)

ssl_cert_conn = redis.Redis(
    host="localhost",
    port=6666,
    ssl=True,
    ssl_certfile=ssl_certfile,
    ssl_keyfile=ssl_keyfile,
    ssl_cert_reqs="required",
    ssl_validate_ocsp_stapled=True,
)
ssl_cert_conn.ping()