Stunnel for Redis SSL

In its current state, Redis does not support encryption out of the box. Stunnel provides a secure connection for clients and servers that do not themselves support the SSL or TLS protocol.

Configuration

You will need to download the certificate from Rackspace:

$ wget http://ssl.rackspaceclouddb.com/rackspace-ca-2016.pem

Then create a configuration file for Stunnel (I’ve named mine stunnel.config):

client = yes
foreground = yes
debug = info
output = stunnel.log

[redis]
accept  = 127.0.0.1:6380
connect = 3514468cec674d9c9b045d4a2b243b6c.publb.rackspaceclouddb.com:6380
TIMEOUTclose = 0
CAfile = /path/to/file/rackspace-ca-2016.pem

Once that’s done, we can start Stunnel like so:

$ stunnel /path/to/file/stunnel.config
2016.04.14 16:49:31 LOG5[ui]: stunnel 5.31 on x86_64-apple-darwin15.3.0 platform
2016.04.14 16:49:31 LOG5[ui]: Compiled/running with OpenSSL 1.0.2g  1 Mar 2016
2016.04.14 16:49:31 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
2016.04.14 16:49:31 LOG5[ui]: Reading configuration from file /path/to/file/stunnel.config
2016.04.14 16:49:31 LOG5[ui]: UTF-8 byte order mark not detected
2016.04.14 16:49:31 LOG5[ui]: FIPS mode disabled
2016.04.14 16:49:31 LOG6[ui]: Initializing service [redis]
2016.04.14 16:49:31 LOG4[ui]: Service [redis] uses "verify = 2" without subject checks
2016.04.14 16:49:31 LOG4[ui]: Use "checkHost" or "checkIP" to restrict trusted certificates
2016.04.14 16:49:31 LOG5[ui]: Configuration successful

Open another terminal window and connect to Redis on the local machine:

$ redis-cli -h localhost -p 6380 -a <password>
localhost:6380> ping
PONG

Done!
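
The two LOG4 lines in the startup output above say the [redis] service verifies the certificate chain but not the certificate's subject, so any certificate issued by the CA in CAfile would be accepted. The same configuration with the subject check the log asks for, as an added example rather than the author's file; it assumes the server's certificate names the host used in connect, either directly or through a matching wildcard:

```ini
; Added example, not the author's configuration.
client = yes
foreground = yes
debug = info
output = stunnel.log

[redis]
accept  = 127.0.0.1:6380
connect = 3514468cec674d9c9b045d4a2b243b6c.publb.rackspaceclouddb.com:6380
TIMEOUTclose = 0

; CAfile is the only trust anchor for this service. The page fetches it over
; plain HTTP, so compare its fingerprint with a value obtained out of band
; before relying on it.
CAfile = /path/to/file/rackspace-ca-2016.pem

; Verify the server's certificate chain against CAfile. The startup log
; reports this level as already in use; it is stated explicitly here.
verify = 2

; Subject check named in the log warning: the server certificate must be
; valid for this host name, not merely signed by the CA above.
; Assumption: the certificate carries this name or a matching wildcard.
checkHost = 3514468cec674d9c9b045d4a2b243b6c.publb.rackspaceclouddb.com
```

If the certificate presented by the server does not match checkHost, Stunnel refuses the TLS connection and the redis-cli session fails instead of returning PONG.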