PHP Session handler Redis - AWS ElastiCache Encryption in-transit

Question

I've tried to setup PHP session handler Redis.

session.save_handler = redis
session.save_path = "tcp://xxx.cache.amazonaws.com:6379"

This works well, but when Encryption in-transit is enabled, then it fails on

Failed to read session data: redis

In that case connection string contained auth param

?auth=12345

Is there any trick which I've missed

Redis currently doesn't support TLS. The TLS layer is provided by AWS elasticache. The phpredis client which you're using won't be able to connect to the Elasticache when Encryption is enabled. — Nitesh morajkar, Apr 29 '20 at 11:10
Thanks, I've reached same conclusion, I just thought somebody might have some trick in a sleeve — Zdenek Machek, Apr 29 '20 at 12:13
Redis versions 6 and 7 from AWS Elasticache now support TLS that is compatible with PHP Sessions and Predis. With those, you can use the `tls://` syntax provided by Zdenek below — Brandon, Dec 03 '22 at 19:59

score 7 · Accepted Answer · answered May 04 '20 at 15:55

7

Ok, not documented very well, but https://github.com/phpredis/phpredis/issues/1657 pointed me in right direction, solution is simple, use tls scheme

session.save_path = "tls://xxx.cache.amazonaws.com:6379?auth=12345"

answered May 04 '20 at 15:55

Zdenek Machek

Had the same problem - fixed by this solution. gracias – The Onin Aug 05 '20 at 17:35

1 Answers1