summaryrefslogtreecommitdiff
path: root/redis.conf
diff options
context:
space:
mode:
authorYossi Gottlieb <yossigo@gmail.com>2019-09-12 10:56:54 +0300
committerYossi Gottlieb <yossigo@gmail.com>2019-10-07 21:06:13 +0300
commitb087dd1db60ed23d9e59304deb0b1599437f6e23 (patch)
tree0533b9d4d626af5ab4b5fdb5d4a2eb500b12c163 /redis.conf
parentf4d37173fef8a020fe99a7b98e32a9201113cc09 (diff)
downloadredis-b087dd1db60ed23d9e59304deb0b1599437f6e23.tar.gz
TLS: Connections refactoring and TLS support.
* Introduce a connection abstraction layer for all socket operations and integrate it across the code base. * Provide an optional TLS connections implementation based on OpenSSL. * Pull a newer version of hiredis with TLS support. * Tests, redis-cli updates for TLS support.
Diffstat (limited to 'redis.conf')
-rw-r--r--redis.conf44
1 files changed, 44 insertions, 0 deletions
diff --git a/redis.conf b/redis.conf
index 50ba823ac..2af422a93 100644
--- a/redis.conf
+++ b/redis.conf
@@ -129,6 +129,50 @@ timeout 0
# Redis default starting with Redis 3.2.1.
tcp-keepalive 300
+################################# TLS/SSL #####################################
+
+# By default, TLS/SSL is disabled. To enable it, the "tls-port" configuration
+# directive can be used to define TLS-listening ports. To enable TLS on the
+# default port, use:
+#
+# port 0
+# tls-port 6379
+
+# Configure a X.509 certificate and private key to use for authenticating the
+# server to connected clients, masters or cluster peers. These files should be
+# PEM formatted.
+#
+# tls-cert-file redis.crt tls-key-file redis.key
+
+# Configure a DH parameters file to enable Diffie-Hellman (DH) key exchange:
+#
+# tls-dh-params-file redis.dh
+
+# Configure a CA certificate(s) bundle to authenticate TLS/SSL clients and
+# peers.
+#
+# tls-ca-cert-file ca.crt
+
+# If TLS/SSL clients are required to authenticate using a client side
+# certificate, use this directive.
+#
+# Note: this applies to all incoming clients, including replicas.
+#
+# tls-auth-clients yes
+
+# If TLS/SSL should be used when connecting as a replica to a master, enable
+# this configuration directive:
+#
+# tls-replication yes
+
+# If TLS/SSL should be used for the Redis Cluster bus, enable this configuration
+# directive.
+#
+# NOTE: If TLS/SSL is enabled for Cluster Bus, mutual authentication is always
+# enforced.
+#
+# tls-cluster yes
+
################################# GENERAL #####################################
# By default Redis does not run as a daemon. Use 'yes' if you need it.