Lettuce 6.1.0.RELEASE added support for three SSL/TLS verification modes (SslVerifyMode):
NONE (corresponds with setVerifyPeer(false))
CA (only verifies the CA and cert, without verifying the hostname matches)
FULL (corresponds with setVerifyPeer(true))
The new CA mode is most helpful for cluster mode, where the seed connection is made via hostname (and thus matches hostnames in the certificate), but then cluster node connections are made by IP address (which typically does not appear in SubjectAltNames of the certificate, particularly for Redis instances from cloud providers).
Currently, Spring Data Redis only supports setVerifyPeer(boolean). I would like Spring Data Redis to support the three verification modes that Lettuce >= 6.1 now supports.
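The cluster scenario described in the request, as an added example that is not part of the original issue and is not Lettuce or Spring Data Redis code: a simplified model of the three modes applied to a seed connection by hostname and node connections by IP. The hostnames, IP addresses and certificate names are constructed, and `san_matches` is a reduced stand-in for a TLS library's hostname check, not its actual implementation.

```python
import ipaddress

# Constructed sample certificate: DNS names only, no IP entries, which is
# the situation the request describes for cloud-hosted clusters.
CERT_SANS = {"dns": ["*.cache.example.internal"], "ip": []}

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def san_matches(host, sans):
    """Simplified hostname check: an IP target matches only IP SANs, a name
    matches DNS SANs, and '*' covers exactly one left-most label."""
    if is_ip(host):
        target = ipaddress.ip_address(host)
        return any(target == ipaddress.ip_address(i) for i in sans["ip"])
    labels = host.lower().split(".")
    for pattern in sans["dns"]:
        p = pattern.lower().split(".")
        if len(p) == len(labels) and p[0] in ("*", labels[0]) and p[1:] == labels[1:]:
            return True
    return False

def accept(mode, host, chain_trusted, sans):
    """NONE skips every check, CA checks the chain only, FULL checks the
    chain and that the certificate names the host being dialed."""
    if mode == "NONE":
        return True
    if mode == "CA":
        return chain_trusted
    if mode == "FULL":
        return chain_trusted and san_matches(host, sans)
    raise ValueError(f"unknown mode: {mode}")

def cluster_results(mode, chain_trusted=True):
    # The seed is dialed by name; nodes learned from the cluster are dialed by IP.
    targets = ["seed.cache.example.internal", "10.0.3.17", "10.0.3.18"]
    return {t: accept(mode, t, chain_trusted, CERT_SANS) for t in targets}

if __name__ == "__main__":
    for mode in ("NONE", "CA", "FULL"):
        print(mode, cluster_results(mode))
```

In CA mode any certificate that chains to the configured trust store is accepted regardless of the name it carries, so the trust store should contain only the CA that issues the cluster's certificates.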