redis / ioredis

🚀 A robust, performance-focused, and full-featured Redis client for Node.js.
MIT License

SNI support for Sentinel connections with TLS #1837

Open MSuter6 opened 7 months ago

MSuter6 commented 7 months ago

Currently, when connecting to Redis with Sentinel, the servername attribute required for the SNI (Server Name Indication) TLS extension is not updated. Therefore, in cases where the connection relies on SNI, connections will fail as SNI routing cannot be properly handled. This issue is caused by the dynamic nature of Redis instances handled by Sentinel. Even though the servername attribute can be set on the tls object on connection, it would need to be set to the host of the current master instance, which is unknown at the point of connection and can change in case of failover events. Therefore, a solution that dynamically assigns the servername attribute according to the current master is necessary.

This PR adds a flag enableDynamicSNIForSentinelMode to SentinelConnectionOptions which dynamically sets the servername attribute on the Redis instance Sentinel has elected to connect to.

The flag only works in combination with enableTLSForSentinelMode and tls on the SentinelConnectionOptions object.

This PR addresses this issue. The PR does not break existing behaviour and ensures backwards compatibility of the ioredis library. Appropriate tests and updates to the README are included.
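The per-connection servername assignment described in this PR, as an added sketch that is not code from the PR or from ioredis: the function names, the `dynamicSni` parameter, the hostnames and the handling of an IP answer are assumptions made for illustration. It contrasts a static servername with one derived from each Sentinel answer across a constructed failover sequence.

```javascript
// Added sketch; all names here are hypothetical, not ioredis internals.

// RFC 6066 allows only DNS hostnames in SNI, never IP literals.
function isIpLiteral(host) {
  const ipv4 = /^\d{1,3}(\.\d{1,3}){3}$/;
  return ipv4.test(host) || host.includes(":"); // a colon only occurs in IPv6
}

// Build the TLS options for one connection to the node Sentinel just resolved.
// A fresh object is returned each time so the shared base options are never
// mutated and a later failover cannot inherit an earlier servername.
function tlsOptionsForResolvedNode(baseTls, resolved, dynamicSni) {
  const options = { ...baseTls };
  if (!dynamicSni) return options; // static behaviour: servername as configured
  if (isIpLiteral(resolved.host)) {
    // Sentinel announced an IP, so there is no name to send. This sketch
    // drops the configured servername rather than send a stale one.
    delete options.servername;
    return options;
  }
  options.servername = resolved.host;
  return options;
}

// Constructed sample: master addresses returned by Sentinel over time.
const baseTls = { rejectUnauthorized: true, servername: "redis-0.example.internal" };
const resolvedOverTime = [
  { host: "redis-0.example.internal", port: 6379 },
  { host: "redis-1.example.internal", port: 6379 }, // after a failover
  { host: "10.0.0.12", port: 6379 },                // node announced by IP
];

// servername that would be sent on each successive connection
function sniPerConnection(dynamicSni) {
  return resolvedOverTime.map(
    (node) => tlsOptionsForResolvedNode(baseTls, node, dynamicSni).servername
  );
}

console.log("static :", sniPerConnection(false));
console.log("dynamic:", sniPerConnection(true));
```

With the static setting the second connection still presents the name of the old master, which is the SNI routing failure the description refers to. The IP case shows that name-based routing also depends on Sentinel announcing hostnames.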