Updated on 2025-08-25 GMT+08:00

DCS for Redis Instances Support SSL

Rule Details

Table 1 Rule details

Parameter

Description

Rule Name

dcs-redis-enable-ssl

Identifier

DCS for Redis Instances Support SSL

Description

If a DCS Redis instance can be accessed over public networks but does not support SSL, this instance is non-compliant.

Tag

dcs

Trigger Type

Configuration change

Filter Type

dcs.redis

Rule Parameters

None

Application Scenarios

You need to ensure that SSL encryption is enabled for data transmission if your DCS for Redis resources are accessible through public networks. SSL is disabled by default for DCS for Redis 6.0 basic edition instances. DCS for Redis 4.0 and 5.0 instances do not support SSL encryption and support only plaintext transmission. For details, see Does DCS for Redis Support SSL Encrypted Transmission?

Solution

DCS for Redis 6.0 and 7.0 basic edition instances in single-node, master/standby, and Redis cluster mode support SSL encryption for data transmission security. This function is not available for other instance versions. RESP (Redis Serialization Protocol), the communication protocol of Redis, only supports plaintext transmission in versions earlier than Redis 6.0. For details, see Transmitting DCS Redis Data with Encryption Using SSL.

For DCS for Redis earlier than 6.0, upgrade the Redis instance before enabling SSL encryption.

Rule Logic

  • If your DCS for Redis instances are not accessible through public networks, the check result is compliant.
  • If DCS for Redis instances are accessible through public networks and SSL encryption is enabled, the check result is compliant.
  • If DCS for Redis instances are accessible through public networks but SSL encryption is disabled, the check result is non-compliant.