author | Yossi Gottlieb <yossigo@gmail.com> | 2019-09-12 10:56:54 +0300 |
---|---|---|
committer | Yossi Gottlieb <yossigo@gmail.com> | 2019-10-07 21:06:13 +0300 |
commit | b087dd1db60ed23d9e59304deb0b1599437f6e23 (patch) | |
tree | 0533b9d4d626af5ab4b5fdb5d4a2eb500b12c163 /redis.conf | |
parent | f4d37173fef8a020fe99a7b98e32a9201113cc09 (diff) | |
download | redis-b087dd1db60ed23d9e59304deb0b1599437f6e23.tar.gz |
TLS: Connections refactoring and TLS support.
* Introduce a connection abstraction layer for all socket operations and
integrate it across the code base.
* Provide an optional TLS connections implementation based on OpenSSL.
* Pull a newer version of hiredis with TLS support.
* Tests, redis-cli updates for TLS support.
Diffstat (limited to 'redis.conf')
-rw-r--r-- | redis.conf | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/redis.conf b/redis.conf index 50ba823ac..2af422a93 100644 --- a/redis.conf +++ b/redis.conf @@ -129,6 +129,50 @@ timeout 0 # Redis default starting with Redis 3.2.1. tcp-keepalive 300 +################################# TLS/SSL ##################################### + +# By default, TLS/SSL is disabled. To enable it, the "tls-port" configuration +# directive can be used to define TLS-listening ports. To enable TLS on the +# default port, use: +# +# port 0 +# tls-port 6379 + +# Configure a X.509 certificate and private key to use for authenticating the +# server to connected clients, masters or cluster peers. These files should be +# PEM formatted. +# +# tls-cert-file redis.crt tls-key-file redis.key + +# Configure a DH parameters file to enable Diffie-Hellman (DH) key exchange: +# +# tls-dh-params-file redis.dh + +# Configure a CA certificate(s) bundle to authenticate TLS/SSL clients and +# peers. +# +# tls-ca-cert-file ca.crt + +# If TLS/SSL clients are required to authenticate using a client side +# certificate, use this directive. +# +# Note: this applies to all incoming clients, including replicas. +# +# tls-auth-clients yes + +# If TLS/SSL should be used when connecting as a replica to a master, enable +# this configuration directive: +# +# tls-replication yes + +# If TLS/SSL should be used for the Redis Cluster bus, enable this configuration +# directive. +# +# NOTE: If TLS/SSL is enabled for Cluster Bus, mutual authentication is always +# enforced. +# +# tls-cluster yes + ################################# GENERAL ##################################### # By default Redis does not run as a daemon. Use 'yes' if you need it. |
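Review bot: the certificate example in the new TLS/SSL section, `# tls-cert-file redis.crt tls-key-file redis.key`, puts two directives on one commented line, so a reader who uncomments it as written gets a single line carrying both. Split it into `# tls-cert-file redis.crt` and `# tls-key-file redis.key` on separate lines, matching the one-directive-per-line form used for every other example in this hunk. The comments for `tls-auth-clients`, `tls-replication` and `tls-cluster` also show only the `yes` form and never state the default, so the file alone does not tell an operator whether client certificates are checked once `tls-ca-cert-file` is set. State the default in each comment. Since `tls-key-file` points at a private key, a one-line reminder that the file should be readable only by the Redis user would fit the same block.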