diff options
author | Yossi Gottlieb <yossigo@gmail.com> | 2020-12-11 18:31:40 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-11 18:31:40 +0200 |
commit | 8c291b97b95f2e011977b522acf77ead23e26f55 (patch) | |
tree | 14935b675574e1f8f2cc79f90219de537c8fc0f0 /redis.conf | |
parent | 4e064fbab4d310b508593b46ed6ce539aea7aa25 (diff) | |
download | redis-8c291b97b95f2e011977b522acf77ead23e26f55.tar.gz |
TLS: Add different client cert support. (#8076)
This adds a new `tls-client-cert-file` and `tls-client-key-file`
configuration directives which make it possible to use different
certificates for the TLS-server and TLS-client functions of Redis.
This is an optional directive. If it is not specified the `tls-cert-file`
and `tls-key-file` directives are used for TLS client functions as well.
Also, `utils/gen-test-certs.sh` now creates additional server-only and client-only certs and will skip intensive operations if target files already exist.
Diffstat (limited to 'redis.conf')
-rw-r--r-- | redis.conf | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/redis.conf b/redis.conf index 13766171e..849f171bc 100644 --- a/redis.conf +++ b/redis.conf @@ -151,6 +151,18 @@ tcp-keepalive 300 # tls-cert-file redis.crt # tls-key-file redis.key +# Normally Redis uses the same certificate for both server functions (accepting +# connections) and client functions (replicating from a master, establishing +# cluster bus connections, etc.). +# +# Sometimes certificates are issued with attributes that designate them as +# client-only or server-only certificates. In that case it may be desired to use +# different certificates for incoming (server) and outgoing (client) +# connections. To do that, use the following directives: +# +# tls-client-cert-file client.crt +# tls-client-key-file client.key + # Configure a DH parameters file to enable Diffie-Hellman (DH) key exchange: # # tls-dh-params-file redis.dh |