使用Redis-cli + stunnel以外的客户端通过传输加密+ Auth连接到AWS ElastiCache [英] Connect to AWS ElastiCache with In-Transit Encryption + Auth from client other than redis-cli+stunnel

问题描述

我正在尝试使用 Ruby redis客户端和两个NodeJS客户端之一( node_redis 或

I'm trying to use a Ruby redis client and either one of two NodeJS clients (node_redis or ioredis) to connect to an Amazon ElastiCache cluster with in-transit encryption and auth enabled and am having issues. For all three clients, as soon as I connect I get an ECONNRESET error thrown immediately and over and over again when connection retries occur.

我已遵循 AWS文档并能够使用stunnel通过redis-cli成功连接，但到目前为止尚未与任何其他客户端连接.

I have followed the AWS docs and am able to successfully connect via redis-cli using stunnel, but haven't been able to connect with any other client so far.

通过查看此 SO答案，它出现了不需要证书，我们只需要将空选项传递给TLS配置(如果适用)，但是无论我输入什么内容都不会成功.我还尝试将默认的tunnel stunnel.pem私钥作为证书传递给所有客户端，以防万一，这显然也不起作用.来自其他使用ElastiCache的人的帮助或专业知识将是有帮助的！

From looking at this SO answer, it appears there is no certificate required and we simply need to pass empty options to the TLS config (if applicable), but no matter what I enter I'm unsuccessful. I've also tried passing the default stunnel stunnel.pem private key as the cert in all clients just in case, and it obviously doesn't work either. Any assistance or expertise from others who have used ElastiCache would be helpful!

推荐答案

对于两个客户端，默认的TLS行为是验证服务器证书，而我们需要将其禁用.这两个客户端的解决方案如下:

For both clients the default TLS behavior is to verify the server certificate, which we needed to disable. The solution for both clients is as follows:

NodeJS客户端:

NodeJS client:

const redis = require('redis')
const client = redis.createClient({host: hostOrIp, port: 6379, auth_pass: 'thePassword', tls: { checkServerIdentity: () => undefined }})

Ruby客户端:

require "redis"
redis = Redis.new(url: connectionString, ssl_params: { verify_mode: OpenSSL::SSL::VERIFY_NONE })

这篇关于使用Redis-cli + stunnel以外的客户端通过传输加密+ Auth连接到AWS ElastiCache的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！