I don't have a great answer for this as the code was added in a PR. One guess is that many users have created encrypted connections via tunnels and perhaps that kind of setup doesn't want hostname validation.
I've added an ssl_check_hostname option that specifies how to handle this. By default ssl_check_hostname=False to maintain backwards compatibility, but you can easily flip it to True for your use case.
Issue: Redis client successfully creates SSL connections to AWS Elasticache redis server even though the hostname looks like "redis.example.com".
Expectation: SSL connection must fail because the AWS Elasticache server will return an SSL certificate issued to "*.example.ma443f.use1.cache.amazonaws.com"
We are using the connection pool like this
Note that ssl_cert_reqs='required' is set with the expectation that SSL and hostname check will be enforced.
However the _connect method in redis/connection.py explicitly sets check_hostname to False.
Why does it set check_hostname to False?
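Added example, not part of the original issue or redis-py's own code: a small model of why a context with certificates required but check_hostname=False accepts the connection described above, and what changes when the hostname check is on. The function names are hypothetical, the wildcard matcher is a simplified stand-in for the check Python's ssl module performs, and `would_accept` assumes the certificate chain has already validated against a trusted CA.

```python
import ssl

# Constructed sample: the certificate name and client hostname quoted in the issue.
CERT_NAMES = ["*.example.ma443f.use1.cache.amazonaws.com"]
CLIENT_HOST = "redis.example.com"

# redis-py keyword arguments that request both chain and hostname validation
# (ssl_cert_reqs and ssl_check_hostname are the options named in this thread).
STRICT_REDIS_KWARGS = {"ssl": True, "ssl_cert_reqs": "required", "ssl_check_hostname": True}


def make_context(check_hostname: bool) -> ssl.SSLContext:
    """Client context that always requires a CA-validated certificate."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = check_hostname  # False mirrors the behaviour reported in the issue
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def name_matches(pattern: str, hostname: str) -> bool:
    """Simplified match: '*' is honoured only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        return bool(h[0]) and p[1:] == h[1:]
    return p == h


def would_accept(ctx: ssl.SSLContext, cert_names, hostname: str) -> bool:
    """Decision after chain validation succeeded (assumption of this model)."""
    if not ctx.check_hostname:
        return True  # any CA-issued certificate passes, whatever name it carries
    return any(name_matches(n, hostname) for n in cert_names)


if __name__ == "__main__":
    for flag in (False, True):
        verdict = would_accept(make_context(flag), CERT_NAMES, CLIENT_HOST)
        print(f"check_hostname={flag}: accepted={verdict}")
```

With the hostname check off, a certificate issued to any name by a trusted CA satisfies the connection, which is why the mismatch in the issue goes unnoticed.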