Adds ssl min version

Signed-off-by: Elena Kolevska <elena@kolevska.com>

Author: elena-kolevska

.env.example

@@ -16,6 +16,7 @@ REDIS_SSL_CHECK_HOSTNAME=true
 REDIS_SSL_PASSWORD=
 REDIS_SSL_VALIDATE_OCSP=false
 REDIS_SSL_VALIDATE_OCSP_STAPLED=false
+REDIS_SSL_MIN_VERSION=
 REDIS_SSL_CIPHERS=
 REDIS_RELAXED_TIMEOUT=
 REDIS_SOCKET_TIMEOUT=5.0

cli.py

@@ -127,8 +127,7 @@ def describe_profile(profile_name):
 @click.option('--ssl-ca-data', default=lambda: get_env_or_default('REDIS_SSL_CA_DATA', None), help='CA certificate data as string')
 @click.option('--ssl-check-hostname', is_flag=True, default=lambda: get_env_or_default('REDIS_SSL_CHECK_HOSTNAME', True, bool), help='Check SSL hostname')
 @click.option('--ssl-password', default=lambda: get_env_or_default('REDIS_SSL_PASSWORD', None), help='Password for SSL private key')
-@click.option('--ssl-validate-ocsp', is_flag=True, default=lambda: get_env_or_default('REDIS_SSL_VALIDATE_OCSP', False, bool), help='Validate OCSP')
-@click.option('--ssl-validate-ocsp-stapled', is_flag=True, default=lambda: get_env_or_default('REDIS_SSL_VALIDATE_OCSP_STAPLED', False, bool), help='Validate OCSP stapled')
+@click.option('--ssl-min-version', default=lambda: get_env_or_default('REDIS_SSL_MIN_VERSION', None), help='Minimum SSL/TLS version')
 @click.option('--ssl-ciphers', default=lambda: get_env_or_default('REDIS_SSL_CIPHERS', None), help='SSL cipher suite')
 @click.option('--socket-timeout', type=float, default=lambda: get_env_or_default('REDIS_SOCKET_TIMEOUT', None), help='Socket timeout in seconds')
 @click.option('--socket-connect-timeout', type=float, default=lambda: get_env_or_default('REDIS_SOCKET_CONNECT_TIMEOUT', None), help='Socket connect timeout in seconds')
@@ -301,8 +300,7 @@ def _build_config_from_args(kwargs) -> RunnerConfig:
         ssl_ca_data=kwargs['ssl_ca_data'],
         ssl_check_hostname=kwargs['ssl_check_hostname'],
         ssl_password=kwargs['ssl_password'],
-        ssl_validate_ocsp=kwargs['ssl_validate_ocsp'],
-        ssl_validate_ocsp_stapled=kwargs['ssl_validate_ocsp_stapled'],
+        ssl_min_version=kwargs['ssl_min_version'],
         ssl_ciphers=kwargs['ssl_ciphers'],
         socket_timeout=kwargs['socket_timeout'],
         socket_connect_timeout=kwargs['socket_connect_timeout'],

config.py

@@ -98,10 +98,6 @@ class RedisConnectionConfig:
     ssl_ca_data: Optional[str] = None
     ssl_check_hostname: bool = True
     ssl_password: Optional[str] = None
-    ssl_validate_ocsp: bool = False
-    ssl_validate_ocsp_stapled: bool = False
-    ssl_ocsp_context: Optional[Any] = None  # OpenSSL.SSL.Context
-    ssl_ocsp_expected_cert: Optional[str] = None
     ssl_min_version: Optional[Any] = None  # ssl.TLSVersion
     ssl_ciphers: Optional[str] = None
 

redis_client.py

@@ -77,14 +77,6 @@ def _build_pool_kwargs(self) -> Dict[str, Any]:
                 ssl_kwargs['ssl_check_hostname'] = self.config.ssl_check_hostname
             if self.config.ssl_password is not None:
                 ssl_kwargs['ssl_password'] = self.config.ssl_password
-            if self.config.ssl_validate_ocsp is not None:
-                ssl_kwargs['ssl_validate_ocsp'] = self.config.ssl_validate_ocsp
-            if self.config.ssl_validate_ocsp_stapled is not None:
-                ssl_kwargs['ssl_validate_ocsp_stapled'] = self.config.ssl_validate_ocsp_stapled
-            if self.config.ssl_ocsp_context is not None:
-                ssl_kwargs['ssl_ocsp_context'] = self.config.ssl_ocsp_context
-            if self.config.ssl_ocsp_expected_cert is not None:
-                ssl_kwargs['ssl_ocsp_expected_cert'] = self.config.ssl_ocsp_expected_cert
             if self.config.ssl_min_version is not None:
                 ssl_kwargs['ssl_min_version'] = self.config.ssl_min_version
             if self.config.ssl_ciphers is not None: