Unable to connect to Heroku Redis

[adnan-kamili]

Hi,

We use this library in our .NET 5 aspnet application and it works fine in all the places:

Redis inside Docker AWS Elastic Cache (when we set ssl=true in the connection string) In Heroku Redis (free tier when we set ssl=false)

But: In Heroku Redis paid tiers (which has TLS enabled) we get the following error:

Error accepting a client connection: error:1408F10B:SSL routines:ssl3_get_record:wrong version number

So, I updated the connection string (ssl=true):

But now it just times out.

[amul047]

Did you resolve this issue yet?

[mgravell]

Hi. No, AFAIK nothing has happened here yet. Partly because I had coronavirus and was wiped out for many weeks. I will ping heroku and see if they can provide a free endpoint, but: I'm not going to take out a paid tier subscription on my own account, in order to provide free support. I would prefer it if the library worked on as many platforms as possible, though.

[mgravell]

Lol, their support site won't even let me contact them about such an endpoint without paying them first. Still working on it.

On Mon, 15 Mar 2021, 00:13 Aamir Mulla, @.***> wrote:

Did you resolve this issue yet?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/StackExchange/StackExchange.Redis/issues/1679#issuecomment-799008928, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAEHMCQZI57K2O2TQRNCXLTDVGJ5ANCNFSM4XCOFSCA .

[amul047]

Got this working with Ssl set to true and bypassing client certificate validation.

Heroku is great at documenting everything but .net core (second class citizen living in docker) In their Java examples, they talk about Bogus trust manager and disabling verify peer https://devcenter.heroku.com/articles/heroku-redis#connecting-in-java ; this essentially sounds like what I did.

[amul047]

@mgravell I hope you are completely recovered now and thanks for the quick reply (to me) :) I actually used an extension library for .net core over this

[adnan-kamili]

@amul047 What did you add to the REDIS_URL string to disable peer verification

[mgravell]

I'm assuming that this is really about disabling certificate validation, in which case... I would advise caution. The "real" answer here is for heroku to use proper trust chain certificates, or at least publish their certificate authority.

[mgravell]

I have now managed to get in contact with someone re getting access to a test / validation endpoint; maybe we can make this more automatic (and secure).

[amul047]

@adnan-kamili something like this https://stackoverflow.com/a/58410251/3214683

[amul047]

@mgravell Heroku also set these variables for Redis other than the REDIS_URL. I am not fully sure what they mean, couldn't find the documentation.

REDIS_BASTION_REKEYS_AFTER REDIS_BASTIONS

[adnan-kamili]

@mgravell Heroku also adds an REDIS_TLS_URL env variable which starts with rediss://... instead of redis://...

[GingerV1k1ng]

Is there any progress on this topic? Would be great if a more secure solution have been made or is in the works

[versa-dev]

I am facing the same issue on after upgrading to heroku redis (v 6.2.3).

[damianduffy]

Similar issue connecting to Redis v6.2 in Heroku. I'm using python.

[fahim041]

@damianduffy Have you found any way to resolve this issue? Facing the same issue.

[damianduffy]

Hi @fahim041 Yes, I managed to get it working by making a change to the procfile Heroku uses to start services; adding ?ssl_cert_reqs=none to $REDIS_URL. So it's now:

worker: rq worker -u $REDIS_URL?ssl_cert_reqs=none worker_queue

I have also configured REDIS as per the Heroku docs for connecting to REDIS over TLS:

app.redis = Redis(host=url.hostname, port=url.port, password=url.password, ssl=True, ssl_cert_reqs=None)

But this was not enough to get it working. I had to include ?ssl_cert_reqs=none in the procfile.