Support TLS connections in Sentinel mode

[ae6rt]

Feature Request

Redis open source will support TLS in the not distant future. TLS support in the Sentinel will likely follow soon thereafter.

Please implement TLS support in Jedis to support Sentinel mode. This would include not only connecting to the Sentinel over TLS, but also connecting to the sentinel-reported master over TLS.

Is your feature request related to a problem? Please describe

Financial services and enterprise users of Jedis, including those using Jedis by way of Spring Data Redis, are increasingly being asked to ensure all service traffic is encrypted via TLS.

Describe alternatives you've considered

• removing calls to the Sentinel API in our code, migrating to the lower level Redis API for Redis Cluster (when it supports TLS - see link above) or Redis Enterprise. This would be painful for the number of applications we have that program to the Sentinel API.
• stunnel and spiped, neither of which work well for how our services are deployed and maintained
• exotic IPSec solutions to encrypt traffic on the wire in lieu of first class TLS support in Sentinel mode

[gkorland]

@ae6rt is #2024 what you need?

[ae6rt]

@gkorland Yes, this seems to be the same feature request.

[gkorland]

@ae6rt so does that PR good enough? can you verify it's working on your environment?

[ae6rt]

@gkorland I need a few days to study my code and whether the code in #2024 slots into the way I build the connection factory.

[ae6rt]

I don't have a definitive answer for whether #2024 will work for me. However, I can say that this is the nexus of how we define our sentinel-based connection factory:

JedisConnectionFactory factory = new JedisConnectionFactory(new RedisSentinelConfiguration(sentinel.master, sentinel.nodes), poolConfig);

I don't see obvious support in the #2024 PR for me sticking with this idiom --- unless the TLS enabled flag is completely constrained to the sentinel pool config (poolConfig). Would it be?