How do I configure a TLS-enabled Redis Enterprise cluster to only accept TLS1.2 traffic?

Last updated 22, Mar 2024

Question

How do I configure a TLS-enabled Redis Enterprise cluster to only accept TLS1.2 traffic?

Answer

Run the following two commands to set the minimum TLS version to 1.2 on both the data path and the control path.

rladmin cluster config min_data_TLS_version 1.2
rladmin cluster config min_control_TLS_version 1.2

To check the minimum TLS versions currently configured on the cluster, run the following API call and look for the two properties min_data_TLS_version and min_control_TLS_version in the response.

curl -k -v -L -u "<username>:<password>" --location-trusted -H "Content-type: application/json" -X GET https://<Cluster_FQDN>:9443/v1/cluster

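rladmin has no command to test which TLS versions the cluster will negotiate. You can test connectivity with the OpenSSL commands below instead. With the minimum set to 1.2, the TLS 1.0 and TLS 1.1 handshakes should fail and the TLS 1.2 handshake should succeed.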

# For TLS 1.0
openssl s_client -connect <Server IP address>:8443 -tls1
# For TLS 1.1
openssl s_client -connect <Server IP address>:8443 -tls1_1
# For TLS 1.2
openssl s_client -connect <Server IP address>:8443 -tls1_2
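
The two checks above can be scripted together. The following Python script is an added example, not part of the original article or of Redis tooling: it audits the JSON returned by GET /v1/cluster and, when given a host and port, attempts a handshake pinned to each TLS version. The sample response is constructed, and the script assumes the two properties carry values such as "1.2".

```python
import json
import socket
import ssl

PROPS = ("min_data_TLS_version", "min_control_TLS_version")  # names from the article
# Constructed sample of a /v1/cluster response (assumed value format: "1.2").
SAMPLE = '{"name": "cluster.example.test", "min_data_TLS_version": "1.2", "min_control_TLS_version": "1.1"}'

def parse_version(value):
    """'1.2' -> (1, 2); accepts the value as a string or a number."""
    major, _, minor = str(value).partition(".")
    return int(major), int(minor or 0)

def audit_cluster_config(body, required=(1, 2)):
    """Return {property: problem} for each property missing or below `required`."""
    cluster = json.loads(body)
    problems = {}
    for prop in PROPS:
        if prop not in cluster:
            problems[prop] = "missing from response"
        elif parse_version(cluster[prop]) < required:
            problems[prop] = f"{cluster[prop]} is below {required[0]}.{required[1]}"
    return problems

def accepts(host, port, version, timeout=5.0):
    """True if the server completes a handshake pinned to exactly `version`."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False               # like curl -k: testing protocol, not trust
    ctx.verify_mode = ssl.CERT_NONE
    ctx.set_ciphers("DEFAULT:@SECLEVEL=0")   # let the local OpenSSL offer TLS 1.0/1.1
    ctx.minimum_version = version
    ctx.maximum_version = version
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:                                 # connection errors propagate; only a
            with ctx.wrap_socket(raw, server_hostname=host):  # failed handshake
                return True                                   # counts as rejected
        except (ssl.SSLError, ConnectionResetError):
            return False

if __name__ == "__main__":
    import sys
    print(audit_cluster_config(SAMPLE))
    if len(sys.argv) == 3:                   # usage: script.py <host> <port>
        host, port = sys.argv[1], int(sys.argv[2])
        for name in ("TLSv1", "TLSv1_1", "TLSv1_2"):
            ok = accepts(host, port, ssl.TLSVersion[name])
            print(name, "accepted" if ok else "rejected")
```

A local OpenSSL build that has TLS 1.0 or 1.1 compiled out cannot offer those versions, so a "rejected" result from such a client says nothing about the server.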