Channel: Active questions tagged redis+java - Stack Overflow

Redisson fails to connect with SSL, Lettuce does


We're trying to secure our ElastiCache/Redis connection with SSL. Part of this is an IT test, against an SSL-secured Redis docker container. The container has all necessary certificate and key files, and a secure connection with redis-cli is possible without problems.

We created a keystore and truststore for use with our Redisson client, and use this as follows:

```java
import java.io.File;
import java.net.MalformedURLException;

import org.redisson.Redisson;
import org.redisson.api.RedissonClient;
import org.redisson.config.Config;
import org.redisson.config.ReplicatedServersConfig;
import org.springframework.context.annotation.Bean;

@Bean(destroyMethod = "shutdown")
public RedissonClient redissonClient() throws MalformedURLException {
    File truststore = new File("docker/certs/truststore.jks");
    File keystore = new File("docker/certs/redis_key_store.p12");
    Config config = new Config();
    //SingleServerConfig singleServerConfig = config.useSingleServer();
    ReplicatedServersConfig elasticacheServersConfig = config.useReplicatedServers();
    elasticacheServersConfig
            .setSslProtocols(new String[]{"TLSv1.3"})
            .setSslCiphers(new String[] { "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_GCM_SHA256" })
            .setSslEnableEndpointIdentification(false)     // hostname verification off
            .setSslKeystorePassword("password")
            .setSslKeystore(keystore.toURI().toURL())       // client certificate and key (PKCS12)
            .setSslTruststorePassword("password")
            .setSslTruststore(truststore.toURI().toURL())   // CA(s) the server certificate must chain to
            .setPassword("password");
    // redisEndpoints() is defined elsewhere in the original configuration; each node is added as rediss://host:port
    redisEndpoints()
            .stream()
            .map(endpoint -> "rediss://" + endpoint.getAddress() + ":" + endpoint.getPort())
            .forEach(elasticacheServersConfig::addNodeAddress);
    return Redisson.create(config);
}
```

That, however, fails to connect, with these logs on the server side: `Error accepting a client connection: error:0A000416:SSL routines::sslv3 alert certificate unknown`. A quick search told me this is a problem the server has, but it is not 100% clear if this is due to the certs/keys (see below why we believe so).

When I use the same truststore and keystore in Lettuce, this connects without issue. The code for that is this:

```java
import java.io.File;
import java.time.Duration;
import java.time.temporal.ChronoUnit;

import io.lettuce.core.ClientOptions;
import io.lettuce.core.ReadFrom;
import io.lettuce.core.SocketOptions;
import io.lettuce.core.SslOptions;
import org.springframework.context.annotation.Bean;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.data.redis.connection.RedisStandaloneConfiguration;
import org.springframework.data.redis.connection.lettuce.LettuceClientConfiguration;
import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
// Endpoint (withAddress/withPort) is a host/port holder whose import the original omits;
// it is assumed to be the AWS SDK ElastiCache model class.

@Bean
public RedisConnectionFactory redisConnectionFactory() {
    File truststore = new File("docker/certs/truststore.jks");
    File keystore = new File("docker/certs/redis_key_store.p12");
    var endpoint = new Endpoint().withAddress("127.0.0.1").withPort(63798);
    final RedisStandaloneConfiguration redisStandaloneConfiguration =
            new RedisStandaloneConfiguration(endpoint.getAddress(), endpoint.getPort());
    redisStandaloneConfiguration.setPassword("password");
    final LettuceClientConfiguration.LettuceClientConfigurationBuilder builder = LettuceClientConfiguration
            .builder()
            .readFrom(ReadFrom.MASTER_PREFERRED)
            .commandTimeout(Duration.of(5000, ChronoUnit.MILLIS))
            .clientOptions(ClientOptions.builder()
                    .socketOptions(SocketOptions.builder()
                            .keepAlive(true)
                            .build())
                    .sslOptions(SslOptions.builder()
                            .keystore(keystore, "password".toCharArray())   // same client cert/key as Redisson
                            .truststore(truststore, "password")             // same truststore as Redisson
                            .build())
                    .build());
    // Lettuce lets us switch off verification of the server certificate entirely
    builder.useSsl().disablePeerVerification();
    return new LettuceConnectionFactory(redisStandaloneConfiguration, builder.build());
}
```

and with some code using this like:

```java
var connection = redisConnectionFactory.getConnection();
connection.set("test".getBytes(), "1".getBytes());
byte[] g = connection.get("test".getBytes());
connection.close();
```

The obvious difference is that in Lettuce we can disable peer verification. Is there any way to make this work with Redisson?

Unfortunately we have to use Redisson, because of the executor service it offers.
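As an added diagnostic (not from the question, Redisson or Lettuce), this standalone Java program loads the same truststore and keystore the question uses and runs the server-certificate check a JSSE client performs before accepting a TLS peer, which is exactly the step `disablePeerVerification()` skips in the Lettuce setup; it also lists the client chain the PKCS12 keystore would present. The server certificate PEM path and the `"UNKNOWN"` authType (what the JDK passes for TLS 1.3 handshakes) are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class RedisTlsCheck {
    public static void main(String[] args) throws Exception {
        String truststorePath = "docker/certs/truststore.jks";      // from the question
        String keystorePath = "docker/certs/redis_key_store.p12";   // from the question
        String serverCertPem = "docker/certs/redis.crt";            // hypothetical: the cert the container serves
        char[] password = "password".toCharArray();

        // 1. Which chain will the client present? (what the server must be able to verify)
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(keystorePath)) { ks.load(in, password); }
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;
            for (Certificate c : ks.getCertificateChain(alias)) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("client chain [" + alias + "]: " + x.getSubjectX500Principal()
                        + " issued by " + x.getIssuerX500Principal());
            }
        }

        // 2. Would a JSSE client trust the server's certificate with this truststore?
        KeyStore ts = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(truststorePath)) { ts.load(in, password); }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        X509TrustManager tm = null;
        for (TrustManager t : tmf.getTrustManagers()) if (t instanceof X509TrustManager) tm = (X509TrustManager) t;

        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate[] serverChain;
        try (InputStream in = new FileInputStream(serverCertPem)) {
            serverChain = cf.generateCertificates(in).stream().map(c -> (X509Certificate) c).toArray(X509Certificate[]::new);
        }
        try {
            // No hostname check here, matching setSslEnableEndpointIdentification(false)
            tm.checkServerTrusted(serverChain, "UNKNOWN");
            System.out.println("server chain is trusted by " + truststorePath);
        } catch (CertificateException e) {
            System.out.println("server chain is NOT trusted: " + e.getMessage());
        }
    }
}
```

If step 2 fails, a verifying client will send a certificate alert during the handshake, whereas a client with peer verification disabled connects regardless.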

