DCS for Redis Instances Support SSL
Rule Details
|
Parameter |
Description |
|---|---|
|
Rule Name |
dcs-redis-enable-ssl |
|
Identifier |
DCS for Redis Instances Support SSL |
|
Description |
If a DCS Redis instance can be accessed over public networks but does not support SSL, this instance is non-compliant. |
|
Tag |
dcs |
|
Trigger Type |
Configuration change |
|
Filter Type |
dcs.redis |
|
Rule Parameters |
None |
Application Scenarios
You need to ensure that SSL encryption is enabled for data transmission if your DCS for Redis resources are accessible through public networks. SSL is disabled by default for DCS for Redis 6.0 basic edition instances. DCS for Redis 4.0 and 5.0 instances do not support SSL encryption and support only plaintext transmission. For details, see Does DCS for Redis Support SSL Encrypted Transmission?
Solution
DCS for Redis 6.0 and 7.0 basic edition instances in single-node, master/standby, and Redis cluster mode support SSL encryption for data transmission security. This function is not available for other instance versions. RESP (Redis Serialization Protocol), the communication protocol of Redis, only supports plaintext transmission in versions earlier than Redis 6.0. For details, see Transmitting DCS Redis Data with Encryption Using SSL.
For DCS for Redis earlier than 6.0, upgrade the Redis instance before enabling SSL encryption.
Rule Logic
- If your DCS for Redis instances are not accessible through public networks, the check result is compliant.
- If DCS for Redis instances are accessible through public networks and SSL encryption is enabled, the check result is compliant.
- If DCS for Redis instances are accessible through public networks but SSL encryption is disabled, the check result is non-compliant.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
