skip to Main Content

After upgrading my Heroku Redis add-on to v6.2.3 from v4, Heroku papertrail logs display this error: Error accepting a client connection: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
I am connecting to Redis using NodeJs and the bull npm package (https://www.npmjs.com/package/bull). I found similar questions related to this error, along with Heroku documentation, and based on that I have set my bull redis options to the following:

redis: {
    host: redisURL.hostname,
    port: Number(redisURL.port),
    password: redisURL.password,
    tls: {
      rejectUnauthorized: false,
    },
  },

Note the tls parameter. I have set it to Heroku’s recommendations here: https://devcenter.heroku.com/articles/heroku-redis#connecting-in-node-js

After getting stuck for a while, I attempted to simply comment out any client code that connects to Redis, delete the add-on, and re-provision the add-on. I expected to see no redis logs in papertrail when I did this, but I still see the same error, even when no code that connects to redis is being run… This leads me to believe maybe it’s a setting on the actual Redis add-on instance, rather than an issue with my code, but I am at a loss.

Updates:

I logged into the redis:cli and did some investigation. client list reveals 2 client connections. 1 is the instance of the redis:cli I am running in my terminal, and another is the a client with a flag that means "the client is a replica node connection to this instance" (see https://redis.io/commands/client-list). What is interesting is the error that is being logged in papertrail shows the file descriptor for the client connection that is having the SSL error fd=12, while the 2 clients shown in client list have the file descriptors fd=10 and fd=11. So there must be another client connection with fd=12 that isn’t appearing in client list command causing the error shown above.

2

Answers


  1. Ran into the same problem. In addition to rejectUnauthorized: false, adding requestCert: true, solved it for me. In addition, some clients need agent: false, (but the version of Bull I’m using doesn’t recognise that argument)

      redis: {
        host: redisURL.hostname,
        port: Number(redisURL.port),
        password: redisURL.password,
        tls: {
          rejectUnauthorized: false,
          requestCert: true,
          // agent: false, (not all clients accept this)
        },
      },
    
    Login or Signup to reply.
  2. Jasper Kennis’ answer is correct. Adding tls: {rejectUnauthorized: false} fixed this issue for me. Unfortunately, Heroku only gives you a full REDIS_URL connection string, so you need to parse the password/host/port yourself (you can’t specify both a URL and tls settings). Here’s my BullModule.forRoot() config object if it helps:

    redis: {
        password: process.env.REDIS_URL.split('@')[0].split(':')[2],
        host: process.env.REDIS_URL.split('@')[1].split(':')[0],
        port: parseInt(process.env.REDIS_URL.split('@')[1].split(':')[1]),
        tls: { rejectUnauthorized: false },
      }
    

    Using:
    @nestjs/bull: 0.6.0,
    Heroku redis: 6.2.3

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search