Solution for #2219, allowing explicit configuration of the SSL connection for advanced use cases. This needs some thought, but pitching the general idea here as an option available for the frameworks that support it.
Co-authored-by: slorello <[email protected]>
Co-authored-by: Steve Lorello <[email protected]>
docs/Configuration.md (8 additions & 6 deletions)
@@ -76,26 +76,26 @@ The `ConfigurationOptions` object has a wide range of properties, all of which a
76
76
| abortConnect={bool} |`AbortOnConnectFail`|`true` (`false` on Azure) | If true, `Connect` will not create a connection while no servers are available |
77
77
| allowAdmin={bool} |`AllowAdmin`|`false`| Enables a range of commands that are considered risky |
78
78
| channelPrefix={string} |`ChannelPrefix`|`null`| Optional channel prefix for all pub/sub operations |
79
-
| checkCertificateRevocation={bool} |`CheckCertificateRevocation`|`true`| A Boolean value that specifies whether the certificate revocation list is checked during authentication.|
79
+
| checkCertificateRevocation={bool} |`CheckCertificateRevocation`|`true`| A Boolean value that specifies whether the certificate revocation list is checked during authentication. |
80
80
| connectRetry={int} |`ConnectRetry`|`3`| The number of times to repeat connect attempts during initial `Connect`|
81
81
| connectTimeout={int} |`ConnectTimeout`|`5000`| Timeout (ms) for connect operations |
82
82
| configChannel={string} |`ConfigurationChannel`|`__Booksleeve_MasterChanged`| Broadcast channel name for communicating configuration changes |
83
-
| configCheckSeconds={int} |`ConfigCheckSeconds`|`60`| Time (seconds) to check configuration. This serves as a keep-alive for interactive sockets, if it is supported. |
83
+
| configCheckSeconds={int} |`ConfigCheckSeconds`|`60`| Time (seconds) to check configuration. This serves as a keep-alive for interactive sockets, if it is supported. |
84
84
| defaultDatabase={int} |`DefaultDatabase`|`null`| Default database index, from `0` to `databases - 1`|
85
85
| keepAlive={int} |`KeepAlive`|`-1`| Time (seconds) at which to send a message to help keep sockets alive (60 sec default) |
86
86
| name={string} |`ClientName`|`null`| Identification for the connection within redis |
87
87
| password={string} |`Password`|`null`| Password for the redis server |
88
88
| user={string} |`User`|`null`| User for the redis server (for use with ACLs on redis 6 and above) |
89
89
| proxy={proxy type} |`Proxy`|`Proxy.None`| Type of proxy in use (if any); for example "twemproxy/envoyproxy" |
90
90
| resolveDns={bool} |`ResolveDns`|`false`| Specifies that DNS resolution should be explicit and eager, rather than implicit |
91
-
| serviceName={string} |`ServiceName`|`null`| Used for connecting to a sentinel primary service |
91
+
| serviceName={string} |`ServiceName`|`null`| Used for connecting to a sentinel primary service |
92
92
| ssl={bool} |`Ssl`|`false`| Specifies that SSL encryption should be used |
93
93
| sslHost={string} |`SslHost`|`null`| Enforces a particular SSL host identity on the server's certificate |
94
94
| sslProtocols={enum} |`SslProtocols`|`null`| Ssl/Tls versions supported when using an encrypted connection. Use '\|' to provide multiple values. |
95
95
| syncTimeout={int} |`SyncTimeout`|`5000`| Time (ms) to allow for synchronous operations |
96
-
| asyncTimeout={int} |`AsyncTimeout`|`SyncTimeout`| Time (ms) to allow for asynchronous operations |
97
-
| tiebreaker={string} |`TieBreaker`|`__Booksleeve_TieBreak`| Key to use for selecting a server in an ambiguous primary scenario |
98
-
| version={string} |`DefaultVersion`| (`3.0` in Azure, else `2.0`) | Redis version level (useful when the server does not make this available) |
96
+
| asyncTimeout={int} |`AsyncTimeout`|`SyncTimeout`| Time (ms) to allow for asynchronous operations |
97
+
| tiebreaker={string} |`TieBreaker`|`__Booksleeve_TieBreak`| Key to use for selecting a server in an ambiguous primary scenario |
98
+
| version={string} |`DefaultVersion`| (`4.0` in Azure, else `2.0`) | Redis version level (useful when the server does not make this available) |
99
99
100
100
101
101
Additional code-only options:
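Review bot: the `version={string}` row changes the documented Azure default from `3.0` to `4.0`, which is unrelated to the SSL option this PR introduces and is not listed in the ReleaseNotes.md hunk. Either split it into its own change or add a release-note line for it, so the default change is not lost among the whitespace-only edits to the other rows of this table.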
@@ -105,6 +105,8 @@ Additional code-only options:
105
105
- Determines how commands will be queued (or not) during a disconnect, for sending when it's available again
106
106
- BeforeSocketConnect - Default: `null`
107
107
- Allows modifying a `Socket` before connecting (for advanced scenarios)
108
+
- SslClientAuthenticationOptions (`netcooreapp3.1`/`net5.0` and higher) - Default: `null`
109
+
- Allows specifying exact options for SSL/TLS authentication against a server (e.g. cipher suites, protocols, etc.) - overrides all other SSL configuration options. This is a `Func<string, SslClientAuthenticationOptions>` which receiveces the host (or `SslHost` if set) to get the options for. If `null` is returned from the `Func`, it's the same as this property not being set at all when connecting.
108
110
109
111
Tokens in the configuration string are comma-separated; any without an `=` sign are assumed to be redis server endpoints. Endpoints without an explicit port will use 6379 if ssl is not enabled, and 6380 if ssl is enabled.
110
112
Tokens starting with `$` are taken to represent command maps, for example: `$config=cfg`.
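Review bot: in the new `SslClientAuthenticationOptions` bullet, "overrides all other SSL configuration options" needs to be spelled out, because as worded it means `sslHost`, `sslProtocols` and `checkCertificateRevocation` from the table above stop applying once the `Func` returns a non-null value. A caller who sets this only to choose cipher suites could lose the host-identity enforcement or revocation checking they configured in the connection string, so the text should name the overridden options and say that the returned object has to carry its own `TargetHost`, `EnabledSslProtocols` and `CertificateRevocationCheckMode`. Two typos on the same lines: `netcooreapp3.1` should be `netcoreapp3.1`, and "receiveces" should be "receives".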
docs/ReleaseNotes.md (2 additions & 0 deletions)
@@ -9,6 +9,8 @@
9
9
- Performance: Optimization around timeout processing to reduce lock contention in the case of many items that haven't yet timed out during a heartbeat ([#2217 by NickCraver](https://github.com/StackExchange/StackExchange.Redis/pull/2217))
- Fix [#1968](https://github.com/StackExchange/StackExchange.Redis/issues/1968): Improved handling of EVAL scripts during server restarts and failovers, detecting and re-sending the script for a retry when needed ([#2170 by martintmk](https://github.com/StackExchange/StackExchange.Redis/pull/2170))
12
+
- Adds: `ConfigurationOptions.SslClientAuthenticationOptions` (`netcoreapp3.1`/`net5.0`+ only) to give more control over SSL/TLS authentication ([#2224 by NickCraver](https://github.com/StackExchange/StackExchange.Redis/pull/2224))
varsb=newStringBuilder("It was not possible to connect to the redis server(s).");
386
-
if(muxer!=null)
388
+
Exception?inner=null;
389
+
if(muxeris not null)
387
390
{
388
-
if(muxer.AuthSuspect)sb.Append(" There was an authentication failure; check that passwords (or client certificates) are configured correctly.");
389
-
elseif(muxer.RawConfig.AbortOnConnectFail)sb.Append(" Error connecting right now. To allow this multiplexer to continue retrying until it's able to connect, use abortConnect=false in your connection string or AbortOnConnectFail=false; in your code.");
391
+
if(muxer.AuthExceptionisExceptionaex)
392
+
{
393
+
sb.Append(" There was an authentication failure; check that passwords (or client certificates) are configured correctly: (").Append(aex.GetType().Name).Append(") ").Append(aex.Message);
sb.Append(" Error connecting right now. To allow this multiplexer to continue retrying until it's able to connect, use abortConnect=false in your connection string or AbortOnConnectFail=false; in your code.");
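Review bot: `Exception? inner = null;` is declared at the top of this hunk but is not assigned anywhere in the lines shown, while `aex` is only flattened into the message through `aex.GetType().Name` and `aex.Message`. If the intent is to surface the authentication failure, assign `inner = aex` inside the `if (muxer.AuthException is Exception aex)` block and pass it along as the inner exception, so callers keep the stack trace and any nested TLS or certificate exception rather than a single line of text.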