Skip to content

Commit

Permalink
TLS: Update documentation.
Browse files Browse the repository at this point in the history
  • Loading branch information
@yossigo @jschmieg
yossigo authored and jschmieg committed Mar 24, 2020
1 parent 927e7b1 commit 853b4fd
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 31 deletions.
18 changes: 18 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,11 @@ It is as simple as:

% make

To build with TLS support, you'll need OpenSSL development libraries (e.g.
libssl-dev on Debian/Ubuntu) and run:

% make BUILD_TLS=yes

You can run a 32 bit Redis binary using:

% make 32bit
Expand All @@ -43,6 +48,13 @@ After building Redis, it is a good idea to test it using:

% make test

If TLS is built, running the tests with TLS enabled (you will need `tcl-tls`
installed):

% ./utils/gen-test-certs.sh
% ./runtest --tls


Fixing build problems with dependencies or cached build options
---------

Expand Down Expand Up @@ -129,6 +141,12 @@ as options using the command line. Examples:
All the options in redis.conf are also supported as options using the command
line, with exactly the same name.

Running Redis with TLS:
------------------

Please consult the [TLS.md](TLS.md) file for more information on
how to use Redis with TLS.

Playing with Redis
------------------

Expand Down
45 changes: 14 additions & 31 deletions TLS.md
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,5 @@
TLS Support -- Work In Progress
===============================

This is a brief note to capture current thoughts/ideas and track pending action
items.
TLS Support
===========

Getting Started
---------------
Expand Down Expand Up @@ -69,37 +66,23 @@ probably not be so hard. For cluster keys migration it might be more difficult,
but there are probably other good reasons to improve that part anyway.

To-Do List
==========

Additional TLS Features
-----------------------

1. Add metrics to INFO?
2. Add session caching support. Check if/how it's handled by clients to assess
how useful/important it is.

redis-benchmark
---------------

The current implementation is a mix of using hiredis for parsing and basic
networking (establishing connections), but directly manipulating sockets for
most actions.

This will need to be cleaned up for proper TLS support. The best approach is
probably to migrate to hiredis async mode.

redis-cli
---------
----------

1. Add support for TLS in --slave and --rdb modes.
- [ ] Add session caching support. Check if/how it's handled by clients to
assess how useful/important it is.
- [ ] redis-benchmark support. The current implementation is a mix of using
hiredis for parsing and basic networking (establishing connections), but
directly manipulating sockets for most actions. This will need to be cleaned
up for proper TLS support. The best approach is probably to migrate to hiredis
async mode.
- [ ] redis-cli `--slave` and `--rdb` support.

Others
------
Multi-port
----------

Consider the implications of allowing TLS to be configured on a separate port,
making Redis listening on multiple ports.
making Redis listening on multiple ports:

This impacts many things, like
1. Startup banner port notification
2. Proctitle
3. How slaves announce themselves
Expand Down

0 comments on commit 853b4fd

Please sign in to comment.