7

After upgrading my Heroku Redis add-on to v6.2.3 from v4, Heroku papertrail logs display this error: Error accepting a client connection: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
I am connecting to Redis using NodeJs and the bull npm package (https://www.npmjs.com/package/bull). I found similar questions related to this error, along with Heroku documentation, and based on that I have set my bull redis options to the following: 

redis: {
    host: redisURL.hostname,
    port: Number(redisURL.port),
    password: redisURL.password,
    tls: {
      rejectUnauthorized: false,
    },
  },

Note the tls parameter. I have set it to Heroku's recommendations here: https://devcenter.heroku.com/articles/heroku-redis#connecting-in-node-js

After getting stuck for a while, I attempted to simply comment out any client code that connects to Redis, delete the add-on, and re-provision the add-on. I expected to see no redis logs in papertrail when I did this, but I still see the same error, even when no code that connects to redis is being run... This leads me to believe maybe it's a setting on the actual Redis add-on instance, rather than an issue with my code, but I am at a loss.

Updates:

I logged into the redis:cli and did some investigation. client list reveals 2 client connections. 1 is the instance of the redis:cli I am running in my terminal, and another is the a client with a flag that means "the client is a replica node connection to this instance" (see https://redis.io/commands/client-list). What is interesting is the error that is being logged in papertrail shows the file descriptor for the client connection that is having the SSL error fd=12, while the 2 clients shown in client list have the file descriptors fd=10 and fd=11. So there must be another client connection with fd=12 that isn't appearing in client list command causing the error shown above.

dnobbe1
  • 71
  • 1
  • 3
  • I have the exact same issue and could not find a solution yet. – funkenstrahlen Nov 10 '21 at 12:40
  • @funkenstrahlen I was able to log into the redis cli (to do this you run the command `heroku redis:cli -a ` What I found is interesting. Even after commenting out the client code in my app, there is always 1 client connection to the redis instance. Even after running `client kill` on the persistent client, it simply reconnects a new one and continues to display the error in papertrail. Sorry, I know that's not a solution but hopefully with that added context we can figure it out. I would like to know where this initial client connection is coming from, it may hold the answer. – dnobbe1 Nov 10 '21 at 12:54
  • I am having the same problem using `ioredis`. – AndreFeijo Mar 17 '22 at 09:02
  • I am facing the same issue after upgrading my Heroku Redis plan to 6.2.3. – Ping Zhao Dec 16 '22 at 15:31

2 Answers2

4

Jasper Kennis' answer is correct. Adding tls: {rejectUnauthorized: false} fixed this issue for me. Unfortunately, Heroku only gives you a full REDIS_URL connection string, so you need to parse the password/host/port yourself (you can't specify both a URL and tls settings). Here's my BullModule.forRoot() config object if it helps:

redis: {
    password: process.env.REDIS_URL.split('@')[0].split(':')[2],
    host: process.env.REDIS_URL.split('@')[1].split(':')[0],
    port: parseInt(process.env.REDIS_URL.split('@')[1].split(':')[1]),
    tls: { rejectUnauthorized: false },
  }

Using: @nestjs/bull: 0.6.0, Heroku redis: 6.2.3

Jameson
  • 51
  • 1
  • 1
    I am using the same versions of modules, and followed this answer. It is working on local environment, but after deploying the app to Heroku I am getting the same error. – Ping Zhao Dec 16 '22 at 15:47
3

Ran into the same problem. In addition to rejectUnauthorized: false, adding requestCert: true, solved it for me. In addition, some clients need agent: false, (but the version of Bull I'm using doesn't recognise that argument)

  redis: {
    host: redisURL.hostname,
    port: Number(redisURL.port),
    password: redisURL.password,
    tls: {
      rejectUnauthorized: false,
      requestCert: true,
      // agent: false, (not all clients accept this)
    },
  },
Jasper Kennis
  • 3,225
  • 6
  • 41
  • 74