Aiven Redis uses SSL encrypted connections by default. This is denoted by the use of rediss://  prefix in the service URL (note the double s).

Since Redis 6, the redis-cli tool itself supports SSL connections so you can access connect directly to your service using:

redis-cli -u rediss://username:password@host:port

Or with the third-party redli tool:

redli -u rediss://username:password@host:port

Unfortunately not all Redis clients support using SSL encrypted connections. In order to support using these clients, we allow but do not recommend turning off SSL.

One way to work around this is to set up a stunnel  process on the client side to handle encryption for the clients that do not support SSL connections. You can use the following stunnel  configuration to set this up.

example-stunnel.conf :

client = yes
foreground = yes
debug = info
delay = yes

accept =
connect =
TIMEOUTclose = 0
; For old services only. New ones use Let's Encrypt and there's no
; CA cert available from Aiven console. Most environments trust
; Let's Encrypt by default without any explicit CAfile config.
; CAfile = /path/to/optional/project/cacert/that/you/can/download/from/aiven/console

Note that when SSL is in use we have a separate service terminating the SSL connections before they are forwarded to Redis. This process has a connection timeout of its own independent of Redis' connection timeout. If you allow very long Redis timeouts this frontend service may end up closing the connection before the Redis timeout has expired. By the time of writing this timeout is set to 12 hours.

Another alternative is to actually allow plain-text connections. Before doing that, make sure you understand the implications of communicating with your Redis service over plain-text connections. If SSL is turned off anyone who can eavesdrop on the traffic will be able to potentially connect and access your Aiven Redis service.

This can be accomplished in the "Advanced configuration" section of the "Overview" tab, or using the Aiven command line client.

Alternatively, once installed, you should run:

avn login  # if you haven't logged in previously

And then run:

avn service update myredis -c "redis_ssl=false"

After this the service_uri will change and point at the new location, it will also start with the redis://  prefix denoting that it's a direct Redis connection which doesn't use SSL.

Got here by accident? Learn how Aiven simplifies managing Redis in the Cloud:

Did this answer your question?