Jump to solution
Verify

redis-py How to make ssl_check_hostname False for RedisCluster connection (Fix)

Fixed
Spec
Package
redis-py
Fixed In
7.1.0
Verdict
Status
Fixed
Safe for prod
No
Risk
Medium
Last verified
2026-02-08
Own content ratio
0.61
#3635 ai timeouts tls Updated: 2026-02-13
Issue #3635

The Fix

pip install redis==7.1.0

Based on closed redis/redis-py issue #3635 · PR/commit linked

Production note: Most teams hit this during upgrades or environment changes. Roll out with a canary and smoke critical endpoints (health, OpenAPI/docs) before 100%.

Jump to Verify Open PR/Commit
@@ -71,6 +71,7 @@ * Close SSL sockets if the connection attempt fails, or if validations fail. (#3317) * Eliminate mutable default arguments in the `redis.commands.core.Script` class. (#3332) + * Fix SSL verification with `ssl_cert_reqs="none"` and `ssl_check_hostname=True` by automatically setting `check_hostname=False` when `verify_mode=ssl.CERT_NONE` (#3635) * Allow newer versions of PyJWT as dependency. (#3630)
repro.py
REDIS_DATABASE_TEST = redis.RedisCluster( host=REDIS_HOSTNAME, port=PORT, password=REDIS_PASSWORD, ssl=True, decode_responses=True, socket_timeout=5, ssl_cert_reqs=u'none', ssl_check_hostname=False, # Not working )
verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
fix.md
Option A — Upgrade to fixed release\npip install redis==7.1.0\nWhen NOT to use: Do not use this fix if strict hostname verification is required for security.\n\n

Why This Fix Works in Production

  • Trigger: How to make ssl_check_hostname False for RedisCluster connection
  • Mechanism: The SSL library prevents check_hostname from being true when verify_mode is set to CERT_NONE
  • Why the fix works: Fixes the issue by automatically setting `check_hostname=False` when `verify_mode=ssl.CERT_NONE` for RedisCluster connections, ensuring compatibility with SSL settings. (first fixed release: 7.1.0).
Production impact:
  • If left unfixed, the same config can fail only in production (env differences), causing startup failures or partial feature outages.

Why This Breaks in Prod

  • The SSL library prevents check_hostname from being true when verify_mode is set to CERT_NONE
  • Production symptom (often without a traceback): How to make ssl_check_hostname False for RedisCluster connection

Proof / Evidence

  • GitHub issue: #3635
  • Fix PR: https://github.com/redis/redis-py/pull/3637
  • First fixed release: 7.1.0
  • Reproduced locally: No (not executed)
  • Last verified: 2026-02-08
  • Confidence: 0.85
  • Did this fix it?: Yes (upstream fix exists)
  • Own content ratio: 0.61

Discussion

High-signal excerpts from the issue thread (symptoms, repros, edge-cases).

Jump to Sources Open on GitHub
“https://github.com/redis/redis-py/pull/3637 i hope that will be helpful for you”
@omerfeyzioglu · 2025-05-06 · source

Failure Signature (Search String)

  • How to make ssl_check_hostname False for RedisCluster connection
  • I am getting following error while making the connection to redis cluster and need to make `ssl_check_hostname` False but not bale to do the same.
Copy-friendly signature
signature.txt
Failure Signature ----------------- How to make ssl_check_hostname False for RedisCluster connection I am getting following error while making the connection to redis cluster and need to make `ssl_check_hostname` False but not bale to do the same.

Error Message

Signature-only (no traceback captured)
error.txt
Error Message ------------- How to make ssl_check_hostname False for RedisCluster connection I am getting following error while making the connection to redis cluster and need to make `ssl_check_hostname` False but not bale to do the same.

Minimal Reproduction

repro.py
REDIS_DATABASE_TEST = redis.RedisCluster( host=REDIS_HOSTNAME, port=PORT, password=REDIS_PASSWORD, ssl=True, decode_responses=True, socket_timeout=5, ssl_cert_reqs=u'none', ssl_check_hostname=False, # Not working )

What Broke

Users cannot connect to Redis Cluster due to SSL verification errors.

Why It Broke

The SSL library prevents check_hostname from being true when verify_mode is set to CERT_NONE

Fix Options (Details)

Option A — Upgrade to fixed release Safe default (recommended)

pip install redis==7.1.0

When NOT to use: Do not use this fix if strict hostname verification is required for security.

Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.

Fix reference: https://github.com/redis/redis-py/pull/3637

First fixed release: 7.1.0

Last verified: 2026-02-08. Validate in your environment.

Get updates

We publish verified fixes weekly. No spam.

Subscribe

When NOT to Use This Fix

  • Do not use this fix if strict hostname verification is required for security.

Verify Fix

verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.

Did This Fix Work in Your Case?

Quick signal helps us prioritize which fixes to verify and improve.

Prevention

  • Add a TLS smoke test that performs a real handshake in CI (include CA bundle validation and hostname checks).
  • Alert on handshake failures by error string and endpoint to catch cert/CA changes quickly.
  • Make timeouts explicit and test them (unit + integration) to avoid silent behavior changes.
  • Instrument retries (attempt count + reason) and alert on spikes to catch dependency slowdowns.

Version Compatibility Table

VersionStatus
7.1.0 Fixed

Related Issues

No related fixes found.

Cluster: redis-py:configuration-error redis-py hub redis-py best practices All hubs All clusters
Related clusters: Retry storm Data consistency Race condition

Sources

We don’t republish the full GitHub discussion text. Use the links above for context.

Source & Disclaimer: Analysis derived from GitHub Issue #3635. Not affiliated with the library maintainers. Verify before production use.