Aiven Redis uses SSL encrypted connections by default. This is denoted by the use of rediss://  prefix in the service URL (note the double s). Unfortunately not all Redis clients support using SSL encrypted connections. In order to support using these clients, we allow but do not recommend turning off SSL.

One way to work around this is to set up a stunnel  process on the client side to handle encryption for the clients that do not support SSL connections. You can use the following stunnel  configuration to set this up.

example-stunnel.conf :


client = yes
foreground = yes
debug = info

[redis]
accept = 127.0.0.1:6380
connect = myredis.testproject.aivencloud.com:28173
TIMEOUTclose = 0
; For old services only. New ones use Let's Encrypt and there's no
; CA cert available from Aiven console. Most environments trust
; Let's Encrypt by default without any explicit CAfile config.
; CAfile = /path/to/optional/project/cacert/that/you/can/download/from/aiven/console

Another alternative is to actually allow plain-text connections. Before doing that, make sure you understand the implications of communicating with your Redis service over plain-text connections. If SSL is turned off anyone who can eavesdrop on the traffic will be able to potentially connect and access your Aiven Redis service.

In order to do this you need to have the Aiven command line client installed.

Once installed, you should run:

avn login  # if you haven't logged in previously

And then run:

avn service update myredis -c "redis_ssl=false"

After this the service_uri will change and point at the new location, it will also start with the redis://  prefix denoting that it's a direct Redis connection which doesn't use SSL.

Did this answer your question?