After upgrading my Heroku Redis add-on to v6.2.3 from v4, Heroku papertrail logs display this error: Error accepting a client connection: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
I am connecting to Redis using NodeJs and the bull
npm package (https://www.npmjs.com/package/bull). I found similar questions related to this error, along with Heroku documentation, and based on that I have set my bull
redis options to the following:
redis: {
host: redisURL.hostname,
port: Number(redisURL.port),
password: redisURL.password,
tls: {
rejectUnauthorized: false,
},
},
Note the tls
parameter. I have set it to Heroku’s recommendations here: https://devcenter.heroku.com/articles/heroku-redis#connecting-in-node-js
After getting stuck for a while, I attempted to simply comment out any client code that connects to Redis, delete the add-on, and re-provision the add-on. I expected to see no redis logs in papertrail when I did this, but I still see the same error, even when no code that connects to redis is being run… This leads me to believe maybe it’s a setting on the actual Redis add-on instance, rather than an issue with my code, but I am at a loss.
Updates:
I logged into the redis:cli and did some investigation. client list
reveals 2 client connections. 1 is the instance of the redis:cli I am running in my terminal, and another is the a client with a flag that means "the client is a replica node connection to this instance" (see https://redis.io/commands/client-list). What is interesting is the error that is being logged in papertrail shows the file descriptor for the client connection that is having the SSL error fd=12
, while the 2 clients shown in client list
have the file descriptors fd=10
and fd=11
. So there must be another client connection with fd=12
that isn’t appearing in client list
command causing the error shown above.
2
Answers
Ran into the same problem. In addition to
rejectUnauthorized: false
, addingrequestCert: true,
solved it for me. In addition, some clients needagent: false,
(but the version of Bull I’m using doesn’t recognise that argument)Jasper Kennis’ answer is correct. Adding
tls: {rejectUnauthorized: false}
fixed this issue for me. Unfortunately, Heroku only gives you a fullREDIS_URL
connection string, so you need to parse the password/host/port yourself (you can’t specify both a URL and tls settings). Here’s myBullModule.forRoot()
config object if it helps:Using:
@nestjs/bull: 0.6.0,
Heroku redis: 6.2.3