Add specific TLS options documentation

Fixes #1999
michael-grunder
2025-10-29 20:09:01 -07:00
committed by Michael Grunder
parent 6c1fbf86ae
commit c28430e5f6
+29
@@ -281,8 +281,37 @@ $redis->connect('/tmp/redis.sock', 0, 1.5, NULL, 0, 1.5); // Unix socket with 1.
/* With PhpRedis >= 5.3.0 you can specify authentication and stream information on connect */
$redis->connect('127.0.0.1', 6379, 1, '', 0, 0, ['auth' => ['phpredis', 'phpredis']]);
/* TLS connections can customise the underlying PHP stream context */
$redis->connect('tls://redis.example.com', 6380, 1.5, null, 0, 0, [
'auth' => ['app-user', 'strong-password'],
'stream' => [
'verify_peer' => true, // validate the server certificate against cafile/capath
'verify_peer_name' => true, // require the certificate common/SAN name to match peer_name
'peer_name' => 'redis.example.com', // expected hostname presented by the server certificate
'cafile' => '/etc/ssl/redis-ca.pem', // CA or bundle used to trust the server certificate
'capath' => '/etc/ssl/certs', // directory alternative to cafile
'allow_self_signed' => false, // set to true if you rely on a self-signed certificate
'local_cert' => '/etc/ssl/client.crt', // client certificate for mutual TLS (optional)
'local_pk' => '/etc/ssl/client.key', // private key that matches local_cert (optional)
'passphrase' => 'secret', // passphrase for local_pk if it is encrypted (optional)
'ciphers' => 'HIGH:!aNULL:!MD5', // TLS cipher list provided to OpenSSL (optional)
],
]);
~~~
When you pass a `stream` key PhpRedis forwards the options to [`stream_socket_client`](https://www.php.net/manual/en/context.ssl.php).
Commonly used options include:
- `verify_peer`, `verify_peer_name`, `peer_name`: control server certificate validation behaviour.
- `cafile`/`capath`: provide the trusted certificate authority bundle when the default store is insufficient.
- `allow_self_signed`: permits self-signed certificates when set to `true`.
- `local_cert`, `local_pk`, `passphrase`: configure client-side certificates for mutual TLS.
- `ciphers`: restrict the negotiated TLS cipher suites.
- Any other SSL context option supported by PHP (e.g. `SNI_enabled`, `disable_compression`) can also be supplied.
The same array format can be used with `pconnect`/`popen`.
**Note:** `open` is an alias for `connect` and will be removed in future versions of phpredis.
#### pconnect, popen
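Review bot: In the "Commonly used options include" list, the bullets for `verify_peer`, `verify_peer_name`, `peer_name` and `allow_self_signed` say what the options control but not which values keep server authentication intact. Suggest stating there that the values used in the example (`'verify_peer' => true`, `'verify_peer_name' => true`, `'allow_self_signed' => false`) are the ones to keep, and rewording the inline comment "set to true if you rely on a self-signed certificate" to point readers at trusting that certificate through `cafile` instead. Two smaller points: the example sets both `cafile` and `capath` while the comment calls `capath` a "directory alternative to cafile", so one of the two could be shown commented out; and the link text in "forwards the options to `stream_socket_client`" names a function while the URL is the SSL context options page, so the sentence could say the options are applied as SSL context options and link that phrase.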