For the past two weeks I have been trying to set up (locally) redis and my go microservice to communicate using TLS. I use docker compose to bring up all of the needed containers - redis master, redis slave, redis sentinel and a go application that uses the go-redis package. All of the redis services are equipped with the needed certificates - root ca, service cs, service private key. I also turned off mutual TLS (mTLS) as redis uses it by default (--tls-auth-clients no). I run docker-compose and all of the redis services discover each other and establish TLS connections without any problems. When I connect to the go application container and run redis-cli inside it (redis-cli -h master -p 6379 --tls) I successfully connect to the master using TLS and I am able to execute commands without any problems.
The problem I face comes when I start the go application and try to connect to redis master (in this specific case the command is set key). All of the three redis services use the same TLS version: --tls-protocols TLSv1.2 so I added it to the go app config. Here is the redis client I create:
    redisClient = redis.NewFailoverClient(&redis.FailoverOptions{
        SentinelAddrs: adrs,
        MasterName:    redisMaster,
        Password:      password,
        DB:            db,
        OnConnect: func(ctx context.Context, conn *redis.Conn) error {
            // logging ...
            // redis: Successfully connected to Redis
            return nil
        },
        TLSConfig: &tls.Config{
            //InsecureSkipVerify: true,
            MinVersion: tls.VersionTLS12,
        },
    })
When the application is started I receive the following logs (not sure why I receive several success messages):
{"connection":"Redis\u003csentinel:26379 db:0\u003e","level":"info","msg":"redis: Successfully connected to Redis"}
{"connection":"Redis\u003csentinel:26379 db:0\u003e","level":"info","msg":"redis: Successfully connected to Redis"}
redis: 2022/04/03 18:09:53 sentinel.go:643: sentinel: new master="mymaster" addr="redis-master:6379"
{"connection":"Redis\u003cFailoverClient db:0\u003e","level":"info","msg":"redis: Successfully connected to Redis"}
{"connection":"Redis\u003cFailoverClient db:0\u003e","level":"info","msg":"redis: Successfully connected to Redis"}
{"connection":"Redis\u003cFailoverClient db:0\u003e","level":"info","msg":"redis: Successfully connected to Redis"}
{"connection":"Redis\u003cFailoverClient db:0\u003e","level":"info","msg":"redis: Successfully connected to Redis"}
{"error":"read tcp 1.2.3.4:50516-\u003e5.6.7.8:6379: read: connection reset by peer","level":"error","master_name":"mymaster","msg":"redis: failed to connect to Redis"}
Docker-compose logs for redis-master:
master_1 | 1:M 03 Apr 2022 18:09:53.419 # Error accepting a client connection: error:1408F10B:SSL routines:ssl3_get_record:wrong version number (conn: fd=11)
master_1 | 1:M 03 Apr 2022 18:09:53.444 # Error accepting a client connection: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
master_1 | 1:M 03 Apr 2022 18:09:53.456 # Error accepting a client connection: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
master_1 | 1:M 03 Apr 2022 18:09:53.507 # Error accepting a client connection: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
I have no idea why redis-cli connects without any problems to the master and the application fails when they are in the same container. Also I don't know why the above error says SSL routines:ssl3_get_record:wrong version number.
I will appreciate any help!
Thanks in advance!
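Added example, not part of the original post: OpenSSL reports `wrong version number` when the first five bytes arriving on a TLS port do not parse as a TLS record header with major version 3, and plaintext sent to that port is one input that produces it. The Go sketch below is a simplified model of that check, not OpenSSL's or go-redis's code; `parseHeader` and `diagnose` are hypothetical names and the sample bytes are constructed.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// recordHeader is the 5-byte header that precedes every TLS record.
type recordHeader struct {
	ContentType byte
	Version     uint16
	Length      uint16
}

// parseHeader reads the first five bytes the way a TLS server does,
// whatever protocol the client was actually speaking.
func parseHeader(first []byte) (recordHeader, error) {
	if len(first) < 5 {
		return recordHeader{}, fmt.Errorf("need 5 bytes, got %d", len(first))
	}
	return recordHeader{first[0], binary.BigEndian.Uint16(first[1:3]),
		binary.BigEndian.Uint16(first[3:5])}, nil
}

// diagnose is a simplified model of the server's first-record check:
// the major version byte must be 3, otherwise the bytes are not TLS.
func diagnose(first []byte) string {
	h, err := parseHeader(first)
	if err != nil {
		return err.Error()
	}
	if h.Version>>8 != 3 {
		return fmt.Sprintf("wrong version number: 0x%04x (type %d)", h.Version, h.ContentType)
	}
	if h.ContentType != 22 { // 22 = handshake, the type that carries a ClientHello
		return fmt.Sprintf("TLS version 0x%04x but unexpected type %d", h.Version, h.ContentType)
	}
	return fmt.Sprintf("TLS handshake record, version 0x%04x", h.Version)
}

func main() {
	// Constructed samples: a plaintext RESP "set" command and the start of a ClientHello record.
	plaintext := []byte("*3\r\n$3\r\nset\r\n$3\r\nkey\r\n$5\r\nvalue\r\n")
	clientHello := []byte{0x16, 0x03, 0x01, 0x00, 0xf8}
	fmt.Println(diagnose(plaintext))
	fmt.Println(diagnose(clientHello))
}
```

A packet capture on the master's port 6379 shows which of the two shapes the application's first bytes actually have.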