Hiredis does not support SSL (Action Cable)

Connecting to redis over SSL works well for both ActiveJob and the RedisCacheStore. However, Action Cable uses hiredis as the redis driver, and hiredis not support SSL (They actually merged in support over a year ago, but there has been no release despite an issue being filed). Could hiredis be made optional?

Last time I benchmarked I could not see any perf advantages for hiredis, in fact it was slower than the redis gem

I think rails can certainly make this optional

Cc @byroot

Yeah Iā€™m aware of the lack of SSL support in hiredis-rb. However Iā€™m not the maintainer of it.

1 Like

Sorry, I kinda missed this was about Action Cable. Iā€™m really unfamiliar with it, but I agree that no library should force the use of hiredis. It should be a end user decision to use it.

However I donā€™t see any reference to hiredis in Action Cable: rails/redis.rb at main Ā· rails/rails Ā· GitHub

1 Like

The SSL support is actually an issue in hiredis itself. The hiredis-rb gem is not the issue, at least until hiredis releases the feature.

As far as its use in Action Cable, thatā€™s based on the error message I received when I connected over SSL. Since I got a hiredis error, I assumed that hiredis was a dependency. Is that not supposed to be the case?

Since I got a hiredis error, I assumed that hiredis was a dependency. Is that not supposed to be the case?

As far as I can tell by reading the Action Cable source, no. Something in your app must be requiring hiredis, once it is loaded it end up being the default client.

1 Like

A grep through railsā€™ master shows the following hits for hiredis:

./Gemfile:74: gem ā€œhiredisā€, require: false

./Gemfile.lock:276: hiredis (0.6.3)

./Gemfile.lock:277: hiredis (0.6.3-java)

./Gemfile.lock:562: hiredis

./actioncable/test/subscription_adapter/redis_test.rb:22:class RedisAdapterTest::Hiredis < RedisAdapterTest

./actioncable/test/subscription_adapter/redis_test.rb:24: super.merge(driver: ā€œhiredisā€)

./activesupport/Rakefile:29: %w[ ruby hiredis ].each do |driver|

./activesupport/lib/active_support/cache/redis_cache_store.rb:12:# Prefer the hiredis driver but donā€™t require it.

./activesupport/lib/active_support/cache/redis_cache_store.rb:14: require ā€œredis/connection/hiredisā€

./activesupport/lib/active_support/cache/redis_cache_store.rb:40: # * Supports vanilla Redis, hiredis, and Redis::Distributed.

./activesupport/test/cache/stores/redis_cache_store_test.rb:8:driver_name = %w[ ruby hiredis ].include?(ENV[ā€œREDIS_DRIVERā€]) ? ENV[ā€œREDIS_DRIVERā€] : ā€œhiredisā€

./activesupport/test/cache/stores/redis_cache_store_test.rb:28: DRIVER = %w[ ruby hiredis ].include?(ENV[ā€œREDIS_DRIVERā€]) ? ENV[ā€œREDIS_DRIVERā€] : ā€œhiredisā€

./guides/source/caching_with_rails.md:504:You can enable support for the faster hiredis

./guides/source/caching_with_rails.md:508:gem ā€˜hiredisā€™

./guides/source/caching_with_rails.md:511:Redis cache store will automatically require & use hiredis if available. No further

In other words, the only mention of hiredis in actioncable is in test code, it presumably sources it from activesupport which has an optional, albeit prefered, dependency on hiredis. If you send me a list of your Gemfile and Gemfile.lock, I can take a look and see whatā€™s going on. ā€“ H

I had hiredis in my Gemfile for some long-forgotten purpose. I still donā€™t know why it was picked up by default though. The redis-rb docs make it appear that you have to specify hiredis for it to be used.

So, it turns out that there is no hiredis issue here. Sorry about that. Iā€™m still having an issue using SSL with Action Cable, though, because my redis provider (Heroku) requires ssl_params: { verify_mode: OpenSSL::SSL::VERIFY_NONE } on the Redis instance config. From what I can tell, Action Cable will not pick up :ssl_params from cable.yml, and I havenā€™t figured out how to pass in non-default redis options (or a Redis instance) yet.

In other words, this thread has turned into a duplicate of Support for SSL configuration in cable.yml. I would support making the change suggested in that post. Thanks everyone for the attention that this has received!

1 Like

Which version of Action Cable are you using? 6.0.x+ should be passing all options through to the Redis client.

@georgeclaghorn Thanks. Iā€™m on 6.0, but when I first looked at the code to see what options were available I was unknowingly viewing a prior version that only passed certain options. I discovered my mistake yesterday, edited my cable.yml and itā€™s working well now. Thank you and Iā€™m sorry to everyone in this thread who took the time to look at my non-issue.

I actually didnā€™t discover my mistake until I was preparing a post to get opinions before submitting a pull request to make a changeā€¦ that was already made. Yeah.

1 Like

No worries. Glad you got it sorted out.

1 Like