I'm already using AWS Elasticache Redis but without "Encryption in-transit". I've created a new small/temp cluster with this Encryption Enabled but I can't connect to it –
redis-cli error: Connection reset by peer
e.g.: redis-cli -h aws.host.name -p 6379
Note: connects fine when In-Transit Encryption isn't enabled on a Redis Cluster.
I'm sure this is because I'm not using TLS Encryption from the EC2 instance:
"To connect to an in-transit encryption enabled cluster, a database must be enabled for transport layer security (TLS). To connect to a cluster that is not in-transit encryption enabled, the database cannot be TLS-enabled."
Questions:
- I'm really not sure how to enable TLS encryption on EC2. How do I do this? Do I need to use stunnel, or can I use AWS SSL certs?
- What impact on performance would/could this have?
- I'm also looking at the Redis AUTH password. Is this a big performance hit? I'm guessing if Redis is frequently hit it could well be.
thanks so much.
Best Answer
The standard client, redis-cli, doesn't support encryption. There is a list of Redis clients which support SSL/TLS encryption at https://redislabs.com/blog/secure-redis-ssl-added-to-redsmin-and-clients/
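As an added example (not part of the question or the answer above): a small TLS-capable Redis client written against the Python standard library, showing what a TLS-aware client has to do for an in-transit-encryption-enabled endpoint that plain redis-cli does not: a verified TLS handshake first, then the RESP commands (optional AUTH, then PING). The host name and password are placeholders, and the example assumes the endpoint's certificate chains to a CA in the system trust store.

```python
# Added example: minimal TLS Redis client using only the standard library.
import socket
import ssl
from typing import Optional


def encode_command(*parts: str) -> bytes:
    """Encode a Redis command as a RESP array (e.g. PING -> *1 $4 PING)."""
    out = [f"*{len(parts)}\r\n".encode()]
    for p in parts:
        data = p.encode()
        out.append(b"$%d\r\n%s\r\n" % (len(data), data))
    return b"".join(out)


def parse_reply(raw: bytes) -> str:
    """Parse a simple-string (+) or error (-) RESP reply; error replies raise."""
    if not raw.endswith(b"\r\n"):
        raise ValueError("incomplete reply")
    body = raw[1:-2].decode()
    if raw[:1] == b"+":
        return body
    if raw[:1] == b"-":
        raise RuntimeError(f"redis error: {body}")
    raise ValueError(f"unsupported reply type {raw[:1]!r}")


def tls_ping(host: str, port: int = 6379, password: Optional[str] = None,
             timeout: float = 5.0) -> str:
    """Open a TLS connection, optionally AUTH, then PING. Returns the PING reply."""
    # create_default_context() verifies the server certificate chain and the
    # hostname (assumption: the endpoint's cert chains to a trusted CA).
    # Sending plaintext to a TLS-only endpoint is what produces the
    # "Connection reset by peer" seen with a non-TLS redis-cli.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw_sock:
        with ctx.wrap_socket(raw_sock, server_hostname=host) as tls_sock:
            if password is not None:
                # AUTH travels inside the TLS session, so the password is
                # not exposed on the wire; an error reply raises here.
                tls_sock.sendall(encode_command("AUTH", password))
                parse_reply(tls_sock.recv(1024))
            tls_sock.sendall(encode_command("PING"))
            return parse_reply(tls_sock.recv(1024))


if __name__ == "__main__":
    # Placeholder endpoint: replace with the cluster's primary endpoint.
    print(tls_ping("aws.host.name", 6379, password=None))
```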