handles tls min version argument

Signed-off-by: Elena Kolevska <elena@kolevska.com>

Author: elena-kolevska

cli.py

@@ -127,7 +127,7 @@ def describe_profile(profile_name):
 @click.option('--ssl-ca-data', default=lambda: get_env_or_default('REDIS_SSL_CA_DATA', None), help='CA certificate data as string')
 @click.option('--ssl-check-hostname', is_flag=True, default=lambda: get_env_or_default('REDIS_SSL_CHECK_HOSTNAME', True, bool), help='Check SSL hostname')
 @click.option('--ssl-password', default=lambda: get_env_or_default('REDIS_SSL_PASSWORD', None), help='Password for SSL private key')
-@click.option('--ssl-min-version', default=lambda: get_env_or_default('REDIS_SSL_MIN_VERSION', None), help='Minimum SSL/TLS version')
+@click.option('--ssl-min-version', default=lambda: get_env_or_default('REDIS_SSL_MIN_VERSION', None), help='Minimum SSL/TLS version (TLSv1, TLSv1_1, TLSv1_2, TLSv1_3 or 1.0, 1.1, 1.2, 1.3)')
 @click.option('--ssl-ciphers', default=lambda: get_env_or_default('REDIS_SSL_CIPHERS', None), help='SSL cipher suite')
 @click.option('--socket-timeout', type=float, default=lambda: get_env_or_default('REDIS_SOCKET_TIMEOUT', None), help='Socket timeout in seconds')
 @click.option('--socket-connect-timeout', type=float, default=lambda: get_env_or_default('REDIS_SOCKET_CONNECT_TIMEOUT', None), help='Socket connect timeout in seconds')

config.py

@@ -7,6 +7,7 @@
 import json
 import importlib.metadata
 import re
+import ssl as ssl_module
 
 
 def get_redis_version() -> str:
@@ -80,7 +81,6 @@ class RedisConnectionConfig:
     username: Optional[str] = None
     password: Optional[str] = None
     database: int = 0  # Changed from 'db' to match lettuce
-    use_tls: bool = False  # Changed from 'ssl' to match lettuce
     verify_peer: bool = False
     protocol: int = 3  # 2 for RESP2, 3 for RESP3
 
@@ -98,7 +98,7 @@ class RedisConnectionConfig:
     ssl_ca_data: Optional[str] = None
     ssl_check_hostname: bool = True
     ssl_password: Optional[str] = None
-    ssl_min_version: Optional[Any] = None  # ssl.TLSVersion
+    ssl_min_version: Optional[ssl_module.TLSVersion] = None  # ssl.TLSVersion
     ssl_ciphers: Optional[str] = None
 
     # Connection settings

redis_client.py

@@ -2,6 +2,7 @@
 Redis client management with support for standalone, cluster, and TLS connections.
 """
 import time
+import ssl
 from typing import Optional, List, Dict, Any, Union
 import redis
 import redis.sentinel
@@ -18,6 +19,59 @@
 from metrics import get_metrics_collector
 
 
+def _convert_ssl_min_version(version_str: Optional[str]) -> Optional[ssl.TLSVersion]:
+    """Convert string SSL version to ssl.TLSVersion enum."""
+    if not version_str:
+        return None
+
+    # Mapping of string values to ssl.TLSVersion enum values
+    version_mapping = {
+        'TLSv1': ssl.TLSVersion.TLSv1,
+        'TLSv1_1': ssl.TLSVersion.TLSv1_1,
+        'TLSv1_2': ssl.TLSVersion.TLSv1_2,
+        'TLSv1_3': ssl.TLSVersion.TLSv1_3,
+        # Also support lowercase variants
+        'tlsv1': ssl.TLSVersion.TLSv1,
+        'tlsv1_1': ssl.TLSVersion.TLSv1_1,
+        'tlsv1_2': ssl.TLSVersion.TLSv1_2,
+        'tlsv1_3': ssl.TLSVersion.TLSv1_3,
+        # Support numeric versions
+        '1.0': ssl.TLSVersion.TLSv1,
+        '1.1': ssl.TLSVersion.TLSv1_1,
+        '1.2': ssl.TLSVersion.TLSv1_2,
+        '1.3': ssl.TLSVersion.TLSv1_3,
+    }
+
+    if version_str in version_mapping:
+        return version_mapping[version_str]
+    else:
+        raise ValueError(f"Unsupported SSL version: {version_str}. "
+                        f"Supported versions: {list(version_mapping.keys())}")
+
+
+def _convert_ssl_cert_reqs(cert_reqs: Union[str, int]) -> Union[ssl.VerifyMode, int]:
+    """Convert string cert requirements to ssl.VerifyMode enum."""
+    if isinstance(cert_reqs, int):
+        return cert_reqs
+
+    # Mapping of string values to ssl.VerifyMode enum values
+    cert_reqs_mapping = {
+        'none': ssl.CERT_NONE,
+        'optional': ssl.CERT_OPTIONAL,
+        'required': ssl.CERT_REQUIRED,
+        # Also support uppercase variants
+        'NONE': ssl.CERT_NONE,
+        'OPTIONAL': ssl.CERT_OPTIONAL,
+        'REQUIRED': ssl.CERT_REQUIRED,
+    }
+
+    if cert_reqs in cert_reqs_mapping:
+        return cert_reqs_mapping[cert_reqs]
+    else:
+        raise ValueError(f"Unsupported SSL cert requirements: {cert_reqs}. "
+                        f"Supported values: {list(cert_reqs_mapping.keys())}")
+
+
 class RedisClient:
     """Manages Redis connections with automatic reconnection and error handling."""
 
@@ -60,13 +114,15 @@ def _build_pool_kwargs(self) -> Dict[str, Any]:
         if self.config.ssl:
             ssl_kwargs = {'ssl': True}
 
+
+
             # Add SSL parameters directly as redis-py expects them
             if self.config.ssl_keyfile is not None:
                 ssl_kwargs['ssl_keyfile'] = self.config.ssl_keyfile
             if self.config.ssl_certfile is not None:
                 ssl_kwargs['ssl_certfile'] = self.config.ssl_certfile
             if self.config.ssl_cert_reqs is not None:
-                ssl_kwargs['ssl_cert_reqs'] = self.config.ssl_cert_reqs
+                ssl_kwargs['ssl_cert_reqs'] = _convert_ssl_cert_reqs(self.config.ssl_cert_reqs)
             if self.config.ssl_ca_certs is not None:
                 ssl_kwargs['ssl_ca_certs'] = self.config.ssl_ca_certs
             if self.config.ssl_ca_path is not None:
@@ -78,7 +134,7 @@ def _build_pool_kwargs(self) -> Dict[str, Any]:
             if self.config.ssl_password is not None:
                 ssl_kwargs['ssl_password'] = self.config.ssl_password
             if self.config.ssl_min_version is not None:
-                ssl_kwargs['ssl_min_version'] = self.config.ssl_min_version
+                ssl_kwargs['ssl_min_version'] = _convert_ssl_min_version(self.config.ssl_min_version)
             if self.config.ssl_ciphers is not None:
                 ssl_kwargs['ssl_ciphers'] = self.config.ssl_ciphers