Tip: Using the latest TLS version with Azure Cache for Redis

Abhishek Gupta
Published in ITNEXT
Jun 9, 2020

Azure Cache for Redis provides an in-memory data store based on the open-source software Redis.

As part of the industry-wide push toward the exclusive use of Transport Layer Security (TLS) version 1.2 or later, Azure Cache for Redis will not support TLS versions 1.0 and 1.1, i.e. your application will be required to use TLS 1.2 or later to communicate with your cache.

To read the details, please refer to this page from the product documentation

It might be helpful to know how this might manifest in your Go apps (I am using the go-redis client as an example).

If you don’t specify TLS at all

e.g.

// No TLSConfig is set, so the client does not use TLS at all.
c := redis.NewClient(&redis.Options{Addr: endpoint, Password: password})
err := c.Ping().Err()
if err != nil {
    log.Fatal(err)
}
defer c.Close()

... you will encounter this error: i/o timeout (probably not that helpful)

If the specified TLS version is less than 1.2

e.g.

// The client is capped at TLS 1.1, below the TLS 1.2 minimum the cache requires.
tlsConfig := &tls.Config{MaxVersion: tls.VersionTLS11, MinVersion: tls.VersionTLS10}
c := redis.NewClient(&redis.Options{Addr: endpoint, Password: password, TLSConfig: tlsConfig})
err := c.Ping().Err()
if err != nil {
    log.Fatal(err)
}
defer c.Close()

... you will end up with a tls: DialWithDialer timed out error (again, not that obvious)

The solution is obvious though

If you don’t set MaxVersion or MinVersion, i.e. use tlsConfig := &tls.Config{}, it will work since MaxVersion defaults to TLS 1.3 (see https://golang.org/pkg/crypto/tls/#Config)

For the sake of clarity, it’s better to be explicit, i.e.

tlsConfig := &tls.Config{MinVersion: tls.VersionTLS12}
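To check a client tls.Config before pointing it at the cache, the following added example (not code from the original post) handshakes it against an in-process crypto/tls server that enforces the same TLS 1.2 floor. The hostname, the self-signed certificate and the helper names are constructed for the test; this stand-in server rejects an old client immediately with a protocol-version alert, whereas the post observed a timeout against the real service.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned builds a throwaway certificate for the in-process stand-in server (constructed data).
func selfSigned() tls.Certificate {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"cache.example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		panic(err)
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// negotiate handshakes clientCfg against a server that, like the cache, requires
// TLS 1.2 or later. It returns the negotiated version or the client-side error.
func negotiate(clientCfg *tls.Config) (uint16, error) {
	cliConn, srvConn := net.Pipe()
	defer cliConn.Close()
	srv := tls.Server(srvConn, &tls.Config{Certificates: []tls.Certificate{selfSigned()},
		MinVersion: tls.VersionTLS12, SessionTicketsDisabled: true}) // no tickets: keeps the unbuffered pipe in lock-step
	go func() { srv.Handshake(); srvConn.Close() }()
	cfg := clientCfg.Clone()
	cfg.InsecureSkipVerify = true // only because the test certificate is self-signed; never for a real endpoint
	cli := tls.Client(cliConn, cfg)
	if err := cli.Handshake(); err != nil {
		return 0, err
	}
	return cli.ConnectionState().Version, nil
}

func main() {
	_, err := negotiate(&tls.Config{MinVersion: tls.VersionTLS10, MaxVersion: tls.VersionTLS11})
	v, err2 := negotiate(&tls.Config{MinVersion: tls.VersionTLS12})
	fmt.Printf("TLS 1.0-1.1 only: %v\nTLS 1.2+: version %#04x, err %v\n", err, v, err2)
}
```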

I hope this proves helpful if you stumble across any issues while connecting to Azure Cache for Redis with Go.

Cheers!


Principal Developer Advocate at AWS | I ❤️ Databases, Go, Kubernetes