The Fix
pip install redis==7.1.1
Based on closed redis/redis-py issue #3347 · PR/commit linked
Production note: Most teams hit this during upgrades or environment changes. Roll out with a canary and smoke critical endpoints (health, OpenAPI/docs) before 100%.
@@ -247,6 +247,7 @@ def __init__(
ssl_min_version: Optional[TLSVersion] = None,
ssl_ciphers: Optional[str] = None,
+ ssl_password: Optional[str] = None,
max_connections: Optional[int] = None,
single_connection_client: bool = False,
Option A — Upgrade to fixed release\npip install redis==7.1.1\nWhen NOT to use: This fix should not be used if the Redis client does not require SSL or mTLS.\n\n
Why This Fix Works in Production
- Trigger: `ssl_password` is not supported at `redis.asyncio.Redis` constructor
- Mechanism: The async Redis client did not support the ssl_password parameter for encrypted private keys
- Why the fix works: Added support for the `ssl_password` parameter in the async Redis client to enable using encrypted private keys. (first fixed release: 7.1.1).
- If left unfixed, the same config can fail only in production (env differences), causing startup failures or partial feature outages.
Why This Breaks in Prod
- The async Redis client did not support the ssl_password parameter for encrypted private keys
- Production symptom (often without a traceback): `ssl_password` is not supported at `redis.asyncio.Redis` constructor
Proof / Evidence
- GitHub issue: #3347
- Fix PR: https://github.com/redis/redis-py/pull/3878
- First fixed release: 7.1.1
- Reproduced locally: No (not executed)
- Last verified: 2026-02-09
- Confidence: 0.70
- Did this fix it?: Yes (upstream fix exists)
- Own content ratio: 0.78
Discussion
High-signal excerpts from the issue thread (symptoms, repros, edge-cases).
“Looking at previous issues I'd guess this could be fixed by just passing the parameter along? See #1757 and #2060. Or is there something that…”
Failure Signature (Search String)
- `ssl_password` is not supported at `redis.asyncio.Redis` constructor
Copy-friendly signature
Failure Signature
-----------------
`ssl_password` is not supported at `redis.asyncio.Redis` constructor
Error Message
Signature-only (no traceback captured)
Error Message
-------------
`ssl_password` is not supported at `redis.asyncio.Redis` constructor
What Broke
Users cannot establish mTLS connections with passphrase-protected keys.
Why It Broke
The async Redis client did not support the ssl_password parameter for encrypted private keys
Fix Options (Details)
Option A — Upgrade to fixed release Safe default (recommended)
pip install redis==7.1.1
Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.
Fix reference: https://github.com/redis/redis-py/pull/3878
First fixed release: 7.1.1
Last verified: 2026-02-09. Validate in your environment.
When NOT to Use This Fix
- This fix should not be used if the Redis client does not require SSL or mTLS.
Did This Fix Work in Your Case?
Quick signal helps us prioritize which fixes to verify and improve.
Prevention
- Add a TLS smoke test that performs a real handshake in CI (include CA bundle validation and hostname checks).
- Alert on handshake failures by error string and endpoint to catch cert/CA changes quickly.
- Add a stress test that runs high-concurrency workloads and fails on thread dumps / blocked locks.
- Enable watchdog dumps in prod (faulthandler, thread dump endpoint) to capture deadlocks quickly.
Version Compatibility Table
| Version | Status |
|---|---|
| 7.1.1 | Fixed |
Related Issues
No related fixes found.
Sources
We don’t republish the full GitHub discussion text. Use the links above for context.