Deciding Whether to Enable or Disable Redis TLS Support

Tadashi Shigeoka ·  Sat, April 17, 2021

I’ll introduce considerations for deciding whether to enable or disable Redis TLS support.

redis

Background Knowledge: Redis TLS Support

SSL/TLS support in Redis started from version 6.

TLS Support

SSL/TLS is supported by Redis starting with version 6 as an optional feature that needs to be enabled at compile time.

Quote from: TLS Support – Redis

Background: How to Decide Whether to Enable or Disable Redis TLS?

Thinking for Enabling Redis TLS

  • Don't trust that "VPC internal networks are safe" and believe **"TLS should be used everywhere"**
  • Zero Trust approach

This kind of thinking 🔒

Thinking for Disabling Redis TLS

  • VPC internal networks are safe
  • Since communication happens within the same VPC, there's no need to enable Redis TLS

This kind of thinking 🏠

That’s all from the Gemba.