The Fix
pip install redis==7.1.0
Based on closed redis/redis-py issue #1757 · PR/commit linked
@@ -42,4 +42,4 @@ pip install ${PKG}
# RedisCluster tests
CLUSTER_URL="redis://localhost:16379/0"
-pytest -m 'not onlynoncluster and not redismod' --redis-url=${CLUSTER_URL}
+pytest -m 'not onlynoncluster and not redismod and not ssl' --redis-url=${CLUSTER_URL}
diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml
Option A — Upgrade to fixed release\npip install redis==7.1.0\nWhen NOT to use: This fix should not be used if the application does not require SSL encryption.\n\n
Why This Fix Works in Production
- Trigger: Enhancement Request: Support for encrypted SSL private keys
- Mechanism: The redis-py library did not support password-encrypted SSL private keys
- Why the fix works: Adds support for password-encrypted SSL private keys in redis-py, allowing users to specify an optional ssl_password argument. (first fixed release: 7.1.0).
Why This Breaks in Prod
- The redis-py library did not support password-encrypted SSL private keys
- Production symptom (often without a traceback): Enhancement Request: Support for encrypted SSL private keys
Proof / Evidence
- GitHub issue: #1757
- Fix PR: https://github.com/redis/redis-py/pull/1782
- First fixed release: 7.1.0
- Reproduced locally: No (not executed)
- Last verified: 2026-02-09
- Confidence: 0.85
- Did this fix it?: Yes (upstream fix exists)
- Own content ratio: 0.71
Discussion
High-signal excerpts from the issue thread (symptoms, repros, edge-cases).
“redis-py has long supported using SSL client certificates by specifying the ssl_certfile and ssl_keyfile arguments. Unfortunately, there doesn't seem to be any way to make this work if the private key is password-encrypted. The underlying s”
Failure Signature (Search String)
- Enhancement Request: Support for encrypted SSL private keys
Copy-friendly signature
Failure Signature
-----------------
Enhancement Request: Support for encrypted SSL private keys
Error Message
Signature-only (no traceback captured)
Error Message
-------------
Enhancement Request: Support for encrypted SSL private keys
What Broke
Users were unable to use SSL client certificates with encrypted private keys, leading to connection issues.
Why It Broke
The redis-py library did not support password-encrypted SSL private keys
Fix Options (Details)
Option A — Upgrade to fixed release Safe default (recommended)
pip install redis==7.1.0
Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.
Fix reference: https://github.com/redis/redis-py/pull/1782
First fixed release: 7.1.0
Last verified: 2026-02-09. Validate in your environment.
When NOT to Use This Fix
- This fix should not be used if the application does not require SSL encryption.
Did This Fix Work in Your Case?
Quick signal helps us prioritize which fixes to verify and improve.
Prevention
- Add a TLS smoke test that performs a real handshake in CI (include CA bundle validation and hostname checks).
- Alert on handshake failures by error string and endpoint to catch cert/CA changes quickly.
Version Compatibility Table
| Version | Status |
|---|---|
| 7.1.0 | Fixed |
Related Issues
No related fixes found.
Sources
We don’t republish the full GitHub discussion text. Use the links above for context.