SSL/TLS is supported by Redis starting with version 6 as an optional feature that needs to be enabled at compile time.
To build with TLS support you'll need OpenSSL development libraries (e.g. libssl-dev on Debian/Ubuntu).
Run make BUILD_TLS=yes.
To run Redis test suite with TLS, you'll need TLS support for TCL (i.e. tcl-tls package on Debian/Ubuntu).
Run ./utils/gen-test-certs.sh to generate a root CA and a server certificate.
Run ./runtest --tls or ./runtest-cluster --tls to run Redis and Redis Cluster tests in TLS mode.
To manually run a Redis server with TLS mode (assuming gen-test-certs.sh was invoked so sample certificates/keys are available):
To connect to this Redis server with redis-cli:
In order to support TLS, Redis must be configured with a X.509 certificate and a private key. In addition, it is necessary to specify a CA certificate bundle file or path to be used as a trusted root when validating certificates. To support DH based ciphers, a DH params file can also be configured. For example:
The tls-port configuration directive enables accepting SSL/TLS connections on the specified port. This is in addition to listening on port for TCP connections, so it is possible to access Redis on different ports using TLS and non-TLS connections simultaneously.
You may specify port 0 to disable the non-TLS port completely. To enable only TLS on the default Redis port, use:
By default, Redis uses mutual TLS and requires clients to authenticate with a valid certificate (authenticated against trusted root CAs specified by ca-cert-file or ca-cert-dir).
You may use tls-auth-clients no to disable client authentication.
A Redis master server handles connecting clients and replica servers in the same way, so the above tls-port and tls-auth-clients directives apply to replication links as well.
On the replica server side, it is necessary to specify tls-replication yes to use TLS for outgoing connections to the master.
When Redis Cluster is used, use tls-cluster yes in order to enable TLS for the cluster bus and cross-node connections.
Sentinel inherits its networking configuration from the common Redis configuration, so all of the above applies to Sentinel as well.
When connecting to master servers, Sentinel will use the tls-replication directive to determine if a TLS or non-TLS connection is required.
Additional TLS configuration is available to control the choice of TLS protocol versions, ciphers and cipher suites, etc. Please consult the self documented redis.conf for more information.
TLS adds a layer to the communication stack with overheads due to writing/reading to/from an SSL connection, encryption/decryption and integrity checks. Consequently, using TLS results in a decrease of the achievable throughput per Redis instance (for more information refer to this discussion).
I/O threading is currently not supported with TLS.
TLS Support Redis
- NetApp ONTAP Achieves Validation from NSA for Security and Encryption - Database Trends and Applications - January 24th, 2022
- Attack on the Red Cross, UK against end-to-end encryption and other cybersecurity developments - The Times Hub - January 24th, 2022
- Stop email tracking with encrypted email from ProtonMail - Geeky Gadgets - January 24th, 2022
- NSA gains new cybersecurity authorities over national security systems - SC Media - January 24th, 2022
- UK Government Apparently Hoping It Can Regulate End-To-End Encryption Out Of Existence - Techdirt - January 12th, 2022
- Android Encryption on the rise: Do I need To encrypt my smartphone? - Phandroid - News for Android - January 12th, 2022
- The Next Evolution of the Database Sharding Architecture - InfoQ.com - January 12th, 2022
- Encryption Software Market Scope and overview, with Highest growth in the near future by leading key players - Taiwan News - January 12th, 2022
- CGV Research | Why Solana May Become the iOS of the Encrypted World? - NewsBTC - January 12th, 2022
- Swiss Army Bans WhatsApp And Other Foreign Encrypted Messaging Services - Lowyat.NET - January 12th, 2022
- Organic aggregates: new insights on white light - EurekAlert - January 12th, 2022
- You'll have to spell out an encryption law - BollyInside - January 12th, 2022
- NEC develops secure biometric authentication tech to enable certification with encrypted face information - Japan Today - December 22nd, 2021
- Experts warn against Originator Traceability Proposals that weaken Encryption - ThePrint - December 22nd, 2021
- Encrypt your emails from end to end for a lifetime with this software - TechRepublic - December 22nd, 2021
- Barrowford man who used encrypted phones to deal drugs jailed for more than 11 years - Burnley Express - December 22nd, 2021
- 'I'm a big believer in encryption technology,' says the former chairman of the US SEC. - BollyInside - December 22nd, 2021
- 5 upcoming WhatsApp features: New call interface, quick replies and more - The Indian Express - December 22nd, 2021
- Cloud Encryption Technology Market Growth Opportunities, Driving Factors by Manufacturers, Regions, Type and Application, Forecast Analysis to 2027 -... - December 22nd, 2021
- Metas Biggest Encrypted Messaging Mistake Was Its Promise - WIRED - December 3rd, 2021
- VeraCrypt 1.25 drops Windows 8.1 and 7, and Mac OS 10.8 and earlier support - Ghacks Technology News - December 3rd, 2021
- GBT is Enhancing qTerm's Cybersecurity Technology to Provide a Higher Level of Data Protection For its Users - GlobeNewswire - December 3rd, 2021
- What is Encryption? Definition, Types & Benefits | Fortinet - November 29th, 2021
- Decentralising end-to-end encryption with a new security protocol - The Hindu - November 29th, 2021
- Device encryption in Windows - November 29th, 2021
- How to Enable end-to-end Encryption for one-to-one Calls in Microsoft Teams - BollyInside - November 29th, 2021
- How the 5G industrial IoT will change different verticals - IT Brief New Zealand - November 29th, 2021
- Boxcryptor protects business data in Microsoft Teams with end-to-end encryption features - Help Net Security - November 25th, 2021
- NordLocker goes mobile: Encrypt your files on iOS and Android now with 60% off - GlobeNewswire - November 25th, 2021
- How Does End-To-End Encryption Works In WhatsApp? - Wales247 - November 25th, 2021
- Email Encryption Market Research Report by Type, by Component, by Industry, by Deployment, by Region - Global Forecast to 2026 - Cumulative Impact of... - November 25th, 2021
- Yes, ransomware is your number one security nightmare. But heres how to sleep easy - The Register - November 25th, 2021
- How To Talk to Strangers Where No One Can See You - The Phoenix - Swarthmore College The Phoenix Online - November 20th, 2021
- How to Encrypt WhatsApp Chat Backups with End-to-End Encryption in iCloud - BollyInside - November 20th, 2021
- Vaultree's Executive Team and Advisors Drive Innovation in the Cybersecurity Industry - Yahoo Finance - November 20th, 2021
- Will you be ready when quantum breaks encryption? Steps to take now to prepare - Lexology - November 17th, 2021
- If cybercriminals cant see data because its encrypted, they have nothing to steal - The Register - November 17th, 2021
- Why You Should Encrypt Your WhatsApp Backups in iCloud - Lifehacker - November 17th, 2021
- Cape Privacy Forges Partnership with Snowflake, Enabling Financial Services Organizations to Use Encrypted Data for Predictive Modeling in the Cloud -... - November 17th, 2021
- UK Government awards 555k to help fund new ways to protect children within end-to-end encrypted environments - ResponseSource - November 17th, 2021
- WhatsApp starts rolling out end-to-end encryption for ... - November 15th, 2021
- Quantum Xchange Collaborates with Thales to Enable Quantum-Safe Key Delivery Across Any Distance, Over Any Network Media - Yahoo Finance - November 15th, 2021
- Thrio Reduces Risk of Data Loss with Global Redaction and Encryption - WFMZ Allentown - November 15th, 2021
- When it comes to securing systems against quantum computers, there is no one-size-fits-all solution - Help Net Security - November 15th, 2021
- Hacking group says it has found encryption keys needed to unlock the PS5 [Updated] - Ars Technica - November 15th, 2021
- Opposition Parties 'Surprised' by Lack of Encryption Amid Cyber Attack - VOCM - November 15th, 2021
- Everything Blockchain Announces OEM License of Its Zero Trust Data Access Platform - GlobeNewswire - November 15th, 2021
- Alexander: Turn off the more complex encryption in Windows 11 Pro - Minneapolis Star Tribune - November 8th, 2021
- Encryption, inequality and Zero DOM: 6 pocket listing takeaways - Inman - November 8th, 2021
- Apple Can Secretly Read Your WhatsApp MessagesThis Is How To Stop It - Forbes - November 8th, 2021
- The double-edged sword of encryption - TechRadar - November 8th, 2021
- An Open Letter to City Council and the City Manager on Police Encryption. Category: Public Comment from The Berkeley Daily Planet - Berkeley Daily... - November 8th, 2021
- PSD2 & Open Banking Biometric Authentication Market Research Report by Function, by End Users, by Region - Global Forecast to 2026 - Cumulative... - November 8th, 2021
- WhatsApp to alert users with new security code. Read why - Mint - November 8th, 2021
- Cloud Encryption Service Market Size and Overview: 2021, Industry Share, Key Developments, Geographic Comparison, and Drivers till 2028 Bolivar... - November 8th, 2021
- Cloud Encryption Market Revenue, Share, Size and Trend Analysis 2021 to 2027 LSMedia - LSMedia - November 8th, 2021
- RCMP wants to use AI to learn passwords in investigations, but experts warn of privacy risks - The Globe and Mail - November 8th, 2021
- EXPLAINED: Why End-To-End Encryption May Not Mean That Nobody Can Read Your WhatsApp Chats - News18 - October 30th, 2021
- Only 17% of US Companies Encrypt Over Half of Their Cloud Data - WebProNews - October 30th, 2021
- Database Encryption Market To Witness the Highest Growth Globally in Coming Years 2020-2025 | Intel Security (Mcafee), Microsoft Corporation,... - October 30th, 2021
- Encryption Software Market Size To Record A Substantially CAGR Over 2017-2030 Puck77 - Puck77 - October 30th, 2021
- Growth Prospects of Cloud Encryption Gateways Market: Business Outlook 2021-2026 by Oracle, IBM, Microsoft, Salesforce, Vormetric, Ciphercloud, and... - October 30th, 2021
- Homomorphic Encryption Market Growth Overview of Top Companies : Microsoft,IBM Corporation,Galois,CryptoExperts,Enveil,Duality... - October 30th, 2021
- Messenger: from now on, voice and video calls will have end-to-end encryption MRT - Market Research Telecast - October 30th, 2021
- Encryption Key Management Market Growth Overview of Top Companies : Thales Group, IBM, Egnyte, Google, Alibaba Cloud Computing, Box, Amazon,... - October 30th, 2021
- Google Drive Alternatives: Improving Privacy and Security - TechSpot - October 30th, 2021
- Future Growth Of IoT Security Solution for Encryption Market by New Business Developments, Innovations, And Top Companies - Forecast To 2026 -... - October 30th, 2021
- If WhatsApp chats are end-to-end encrypted, how are personal chats of celebs leaking? - BGR India - October 30th, 2021
- WhatsApp rolls out encryption for chats backed up in the cloud - Mashable - October 17th, 2021
- WhatsApp now lets users encrypt their chat backups in the cloud - TechCrunch - October 17th, 2021
- Meet the Alliance for Encryption in Latin America and the Caribbean - EFF - October 17th, 2021
- Apples plan to scan images will allow governments into smartphones - The Guardian - October 17th, 2021
- WhatsApp to bring in encryption for backup chats after privacy fears - The Guardian - October 15th, 2021
- WhatsApp end-to-end encrypted backups are rolling out on both Android and iOS - GSMArena.com news - GSMArena.com - October 15th, 2021
- Encryption: Why security threats coast under the radar - Philstar.com - October 15th, 2021
- Encryption Management Solutions Market 2021 : Industry Analysis ,Size, Share, Revenue, Prominent Players, Developing Technologies, Tendencies and... - October 15th, 2021
- Signal >> Documentation - October 12th, 2021
- Encryption Consulting announces their first-ever virtual conference - "Encryption Consulting Virtual conference 2021." - Tyler Morning... - October 12th, 2021
- [Update: Rolling out] WhatsApp adds end-to-end encryption for Android cloud backups - 9to5Google - October 12th, 2021
- Homomorphic Encryption Market New Coming Industry to Witness Great Growth Opportunities in Coming Years From 2021 to 2027: Microsoft (US), IBM... - October 12th, 2021