Optionally call AUTH before calling HELLO

Open tishun opened this issue 9 months ago • 3 comments

Feature Request

See discussion in #2900

Is your feature request related to a problem? Please describe

We would like to have the option (inside ClientOptions) to call AUTH before calling HELLO during the handshake the Lettuce driver does as part of connecting to a Redis server.

The main reason for that is that Linux distributions consume an older version of the Redis server, which has a bug (fixed in Redis 6.2.2) that would fail the default handshake.

Describe the solution you'd like

  1. Configure the client to issue a different type of handshake when you are connecting to older versions of Redis
  2. If enabled, during the connection initialization, do not provide the login credentials as a parameter of the HELLO command but instead issue AUTH before that

(the defaults would be for the driver to not change its behavior)

Describe alternatives you've considered

Workarounds have their obvious disadvantages, but listing them here:

  • (recommended) redis-server --port 1236 "--user default off +@all" or "--user default off -@all +hello"
  • (recommended) redis-server --port 1236 "--user default on nopass -@all +hello"
  • disable password authentication, if this is possible
  • use RESP2, if this is possible

tishun, Apr 04 '25 09:04
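Added example, not part of the original issue or of the Lettuce code base: a wire-level view of the two handshake orderings the request describes, encoded as RESP frames. The function names, the constructed credentials in the test values, and the use of 6.2.2 as a version gate (taken from the fix version named above) are assumptions of this example.

```python
# Added illustration: the frames a client sends for each handshake ordering.
# All names here are hypothetical; credentials passed in are constructed samples.

def resp_command(*args: str) -> bytes:
    """Encode a command as a RESP array of bulk strings."""
    out = [b"*%d\r\n" % len(args)]
    for arg in args:
        data = arg.encode("utf-8")
        # Bulk string length is the byte length, not the character count.
        out.append(b"$%d\r\n%s\r\n" % (len(data), data))
    return b"".join(out)


def parse_version(text: str) -> tuple:
    """Turn '6.2.0' or '7.0' into a 3-tuple of ints for comparison."""
    parts = [int(p) for p in text.split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def predates_hello_fix(server_version: str) -> bool:
    """True when the server is older than 6.2.2, the fix version named in the issue."""
    return parse_version(server_version) < (6, 2, 2)


def handshake(username: str, password: str, auth_first: bool) -> list:
    """Return the RESP frames sent during connection setup, in order."""
    if auth_first:
        # Requested behaviour: authenticate first, then negotiate RESP3
        # with a HELLO that carries no credentials.
        return [
            resp_command("AUTH", username, password),
            resp_command("HELLO", "3"),
        ]
    # Default behaviour: credentials travel as parameters of HELLO.
    return [resp_command("HELLO", "3", "AUTH", username, password)]
```
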

Inquiry regarding the current status of this issue

Hello Lettuce team and maintainers ( @tishun ),

I saw the help-wanted label and was looking into this issue to potentially contribute a fix.

To start, I made several attempts to reproduce the issue locally. I have tried the following environments based on the issue description and the discussion in #2900:

  • Redis Server: redis:6.2.0 & redis:6.0.20 via Docker

  • Configuration 1: Started with a simple --requirepass "my-redis-password".

  • Configuration 2: Used a custom redis.conf with explicit ACL rules as suggested in the related discussions:

    requirepass my-redis-password
    user default on >my-redis-password +@all
    
  • Client-side: I used the following stack:

    • Lettuce version 6.4.0.RELEASE (via Spring Boot 2.7.7)
    • Java 8
    • Gradle 7.6.6
  • Connection Code:

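    import io.lettuce.core.RedisClient;
    import io.lettuce.core.api.StatefulRedisConnection;

    // Credentials are carried in the URI: redis://<user>:<password>@<host>:<port>/<db>
    String redisUri = "redis://default:my-redis-password@localhost:16379/0";
    RedisClient redisClient = RedisClient.create(redisUri);

    // connect() performs the handshake; ping() confirms the connection is usable
    try (StatefulRedisConnection<String, String> connection = redisClient.connect()) {
      connection.sync().ping();
    } catch (Exception e) {
      throw new RuntimeException(e.getMessage());
    }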
    

However, in all of my attempts, the connection was established successfully, and I received a PONG response from the ping() command without any exceptions.

This leads me to wonder if this issue might have been resolved in a recent version of Lettuce, but the issue itself was not closed. Could you please confirm if this issue is still relevant? Or perhaps I am still missing a key element in my reproduction setup.

Thank you for your time and for maintaining this great project!

devbini, Aug 04 '25 07:08

TBH I am not sure, as we've not looked at this for some time. I will mark it for review.

tishun, Aug 04 '25 15:08

Thanks for the update. I'll look forward to hearing back. Please let me know if there's anything I can do to help with the review process 😊

devbini, Aug 04 '25 15:08