@@ -177,15 +177,93 @@ func onInvalidations(messages []rueidis.RedisMessage) {
177177
178178}
179179
180+ // parseCipherSuites parses a comma-separated list of cipher suite names and returns their IDs
181+ func parseCipherSuites (cipherList string ) []uint16 {
182+ if cipherList == "" {
183+ return nil
184+ }
185+
186+ // Map of cipher suite names to their IDs (TLS 1.3)
187+ cipherSuiteMap := map [string ]uint16 {
188+ "TLS_AES_128_GCM_SHA256" : tls .TLS_AES_128_GCM_SHA256 ,
189+ "TLS_AES_256_GCM_SHA384" : tls .TLS_AES_256_GCM_SHA384 ,
190+ "TLS_CHACHA20_POLY1305_SHA256" : tls .TLS_CHACHA20_POLY1305_SHA256 ,
191+ }
192+
193+ names := strings .Split (cipherList , "," )
194+ var suites []uint16
195+
196+ for _ , name := range names {
197+ name = strings .TrimSpace (name )
198+ if id , ok := cipherSuiteMap [name ]; ok {
199+ suites = append (suites , id )
200+ } else {
201+ log .Printf ("Warning: Unknown cipher suite: %s" , name )
202+ }
203+ }
204+
205+ return suites
206+ }
207+
208+ // parseCiphers parses a comma-separated list of cipher names and returns their IDs
209+ func parseCiphers (cipherList string ) []uint16 {
210+ if cipherList == "" {
211+ return nil
212+ }
213+
214+ // Map of cipher names to their IDs (TLS 1.2 and below)
215+ cipherMap := map [string ]uint16 {
216+ "TLS_RSA_WITH_RC4_128_SHA" : tls .TLS_RSA_WITH_RC4_128_SHA ,
217+ "TLS_RSA_WITH_3DES_EDE_CBC_SHA" : tls .TLS_RSA_WITH_3DES_EDE_CBC_SHA ,
218+ "TLS_RSA_WITH_AES_128_CBC_SHA" : tls .TLS_RSA_WITH_AES_128_CBC_SHA ,
219+ "TLS_RSA_WITH_AES_256_CBC_SHA" : tls .TLS_RSA_WITH_AES_256_CBC_SHA ,
220+ "TLS_RSA_WITH_AES_128_CBC_SHA256" : tls .TLS_RSA_WITH_AES_128_CBC_SHA256 ,
221+ "TLS_RSA_WITH_AES_128_GCM_SHA256" : tls .TLS_RSA_WITH_AES_128_GCM_SHA256 ,
222+ "TLS_RSA_WITH_AES_256_GCM_SHA384" : tls .TLS_RSA_WITH_AES_256_GCM_SHA384 ,
223+ "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" : tls .TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ,
224+ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" : tls .TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ,
225+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" : tls .TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ,
226+ "TLS_ECDHE_RSA_WITH_RC4_128_SHA" : tls .TLS_ECDHE_RSA_WITH_RC4_128_SHA ,
227+ "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" : tls .TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ,
228+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" : tls .TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ,
229+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" : tls .TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ,
230+ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" : tls .TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ,
231+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" : tls .TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ,
232+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" : tls .TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ,
233+ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" : tls .TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ,
234+ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" : tls .TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ,
235+ "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" : tls .TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ,
236+ "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305" : tls .TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ,
237+ "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305" : tls .TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ,
238+ }
239+
240+ names := strings .Split (cipherList , "," )
241+ var ciphers []uint16
242+
243+ for _ , name := range names {
244+ name = strings .TrimSpace (name )
245+ if id , ok := cipherMap [name ]; ok {
246+ ciphers = append (ciphers , id )
247+ } else {
248+ log .Printf ("Warning: Unknown cipher: %s" , name )
249+ }
250+ }
251+
252+ return ciphers
253+ }
254+
180255func main () {
181256 host := flag .String ("h" , "127.0.0.1" , "Server hostname." )
182257 port := flag .Int ("p" , 12000 , "Server port." )
183258 rps := flag .Int64 ("rps" , 0 , "Max rps. If 0 no limit is applied and the DB is stressed up to maximum." )
184259 rpsburst := flag .Int64 ("rps-burst" , 0 , "Max rps burst. If 0 the allowed burst will be the ammount of clients." )
185260 username := flag .String ("u" , "" , "Username for Redis Auth." )
186261 password := flag .String ("a" , "" , "Password for Redis Auth." )
187- enableTls := flag .Bool ("tls" , false , "Use TLS connection." )
188- tlsSkipCertCheck := flag .Bool ("tls-skip" , false , "Ignore TLS certificate check" )
262+ enableTls := flag .Bool ("tls" , false , "Establish a secure TLS connection." )
263+ // --insecure so that this is compatible with the redis-benchmark and redis-cli options
264+ tlsSkipCertCheck := flag .Bool ("insecure" , false , "Allow insecure TLS connection by skipping cert validation." )
265+ tlsCiphers := flag .String ("tls-ciphers" , "" , "Sets the list of preferred ciphers (TLSv1.2 and below)" )
266+ tlsCiphersuites := flag .String ("tls-ciphersuites" , "" , "Sets the list of preferred ciphersuites (TLSv1.3)" )
189267 jsonOutFile := flag .String ("json-out-file" , "" , "Results file. If empty will not save." )
190268 seed := flag .Int64 ("random-seed" , 12345 , "random seed to be used." )
191269 clients := flag .Uint64 ("c" , 50 , "number of clients." )
@@ -296,6 +374,23 @@ func main() {
296374 conf := & tls.Config {
297375 InsecureSkipVerify : * tlsSkipCertCheck ,
298376 }
377+
378+ // Configure TLS 1.2 and below ciphers
379+ if * tlsCiphers != "" {
380+ conf .CipherSuites = parseCiphers (* tlsCiphers )
381+ if * verbose {
382+ fmt .Printf ("Using TLS ciphers: %s\n " , * tlsCiphers )
383+ }
384+ }
385+
386+ // Configure TLS 1.3 cipher suites
387+ if * tlsCiphersuites != "" {
388+ conf .CipherSuites = parseCipherSuites (* tlsCiphersuites )
389+ if * verbose {
390+ fmt .Printf ("Using TLS cipher suites: %s\n " , * tlsCiphersuites )
391+ }
392+ }
393+
299394 opts .NetDialer = & tls.Dialer {
300395 NetDialer : nil ,
301396 Config : conf ,
@@ -369,6 +464,26 @@ func main() {
369464 ForceSingleClient : ! * clusterMode ,
370465 }
371466 clientOptions .Dialer .KeepAlive = * clientKeepAlive
467+
468+ // Configure TLS for rueidis client
469+ if * enableTls {
470+ tlsConfig := & tls.Config {
471+ InsecureSkipVerify : * tlsSkipCertCheck ,
472+ }
473+
474+ // Configure TLS 1.2 and below ciphers
475+ if * tlsCiphers != "" {
476+ tlsConfig .CipherSuites = parseCiphers (* tlsCiphers )
477+ }
478+
479+ // Configure TLS 1.3 cipher suites
480+ if * tlsCiphersuites != "" {
481+ tlsConfig .CipherSuites = parseCipherSuites (* tlsCiphersuites )
482+ }
483+
484+ clientOptions .TLSConfig = tlsConfig
485+ }
486+
372487 ruedisClient , err = rueidis .NewClient (clientOptions )
373488 cacheOptions := rueidis.CacheOptions {UseMultiExec : * cscUseMultiExec , UseServerPTTL : * cscUseMultiExec , ClientTTL : * cscDuration }
374489
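Review bot: In both TLS blocks (the `conf` setup and the rueidis `tlsConfig` setup) the `--tls-ciphersuites` branch assigns `parseCipherSuites(...)` to the same `CipherSuites` field that the `--tls-ciphers` branch has just filled, so passing both flags silently discards the TLS 1.2 list. Go's `crypto/tls` documents that `Config.CipherSuites` covers TLS 1.0–1.2 only and that TLS 1.3 suites are not configurable, so the TLS 1.3 IDs stored there do not restrict a TLS 1.3 handshake and appear to leave no TLS 1.2 suite enabled. Separately, `parseCiphers` only logs unknown names, and when every name is unknown it returns nil, which makes `crypto/tls` fall back to its default list instead of the restriction the operator asked for; exiting with an error is the safer behaviour. The name map also accepts the RC4 and 3DES suites that `tls.InsecureCipherSuites()` reports, which the flag help should say. The fence shows the first block; the rueidis block needs the same change, and `main` continues outside these hunks.
```go
// … unchanged: conf := &tls.Config{InsecureSkipVerify: *tlsSkipCertCheck} …
if *tlsCiphers != "" {
	ids := parseCiphers(*tlsCiphers)
	if len(ids) == 0 {
		// A nil/empty list would silently re-enable the crypto/tls defaults.
		log.Fatalf("no usable cipher in --tls-ciphers %q", *tlsCiphers)
	}
	conf.CipherSuites = ids
	// … unchanged: verbose print of *tlsCiphers …
}
if *tlsCiphersuites != "" {
	// crypto/tls does not allow selecting TLS 1.3 suites; do not overwrite conf.CipherSuites.
	log.Printf("Warning: --tls-ciphersuites is ignored: TLS 1.3 cipher suites are not configurable in crypto/tls")
}
```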