---
title: Redis cache allows non-SSL connections
---

# Redis cache allows non-SSL connections


## Metadata{% #metadata %}

**Id:** `ansible-azure-redis-cache-allows-non-ssl-connections` 

**Provider:** Azure

**Platform:** Ansible

**Severity:** Medium

**Category:** Insecure Configurations

#### Learn More{% #learn-more %}

- [Provider Reference](https://docs.ansible.com/ansible/latest/collections/azure/azcollection/azure_rm_rediscache_module.html)

### Description{% #description %}

Allowing non-SSL (plaintext) connections to Azure Cache for Redis exposes data in transit to interception and tampering. This can leak credentials and sensitive cached data or enable man-in-the-middle attacks.

For Ansible tasks using the `azure.azcollection.azure_rm_rediscache` or `azure_rm_rediscache` modules, the `enable_non_ssl_port` property must be set to `false` or omitted so only SSL/TLS connections are permitted. Resources with `enable_non_ssl_port: true` are flagged. Ensure clients connect over the TLS/SSL port (typically 6380) and validate certificates.

Secure Ansible configuration example:

```yaml
- name: Create Redis Cache with TLS-only access
  azure.azcollection.azure_rm_rediscache:
    resource_group: my-rg
    name: my-redis
    location: eastus
    # sku is a dictionary and the module requires both name and size; C1 is an example size
    sku:
      name: standard
      size: C1
    enable_non_ssl_port: false
```

## Compliant Code Examples{% #compliant-code-examples %}

```yaml
- name: Non SSL Disallowed
  azure_rm_rediscache:
    resource_group: myResourceGroup
    name: myRedis
    enable_non_ssl_port: no
- name: Non SSL Undefined
  azure_rm_rediscache:
    resource_group: myResourceGroup
    name: myRedis
```

## Non-Compliant Code Examples{% #non-compliant-code-examples %}

```yaml
- name: Non SSL Allowed
  azure_rm_rediscache:
    resource_group: myResourceGroup
    name: myRedis
    enable_non_ssl_port: yes
```
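The check described in the Description section can be sketched as follows. This is an added example, not Datadog's rule implementation: it assumes the playbook has already been loaded into Python lists and dictionaries by a YAML parser, and the names `find_violations`, `is_truthy` and `SAMPLE_TASKS` are hypothetical. It goes slightly beyond the samples above by also covering tasks nested in `block` sections and quoted string values such as `"yes"`.

```python
# Added example: simplified re-implementation of the rule, not Datadog's own code.
MODULES = ("azure.azcollection.azure_rm_rediscache", "azure_rm_rediscache")
# String spellings that Ansible's boolean conversion accepts as true.
TRUTHY = {"y", "yes", "on", "1", "true", "t"}


def is_truthy(value):
    """Approximate how Ansible coerces a module option of type bool."""
    if isinstance(value, bool):
        return value
    if isinstance(value, (int, float)):
        return value == 1
    # Unresolved Jinja templates such as "{{ var }}" fall through as not true.
    return str(value).strip().lower() in TRUTHY


def find_violations(tasks, path="tasks"):
    """Return (location, task name) for each task that enables the non-SSL port."""
    hits = []
    for i, task in enumerate(tasks or []):
        if not isinstance(task, dict):
            continue
        here = f"{path}[{i}]"
        # Tasks can be nested inside block / rescue / always sections.
        for section in ("block", "rescue", "always"):
            if isinstance(task.get(section), list):
                hits += find_violations(task[section], f"{here}.{section}")
        for module in MODULES:
            args = task.get(module)
            if isinstance(args, dict) and is_truthy(args.get("enable_non_ssl_port", False)):
                hits.append((here, task.get("name", "<unnamed>")))
    return hits


# Constructed sample: the page's three tasks as a YAML 1.1 loader returns them
# (unquoted yes/no become booleans), plus a quoted "yes" nested in a block.
SAMPLE_TASKS = [
    {"name": "Non SSL Disallowed", "azure_rm_rediscache": {
        "resource_group": "myResourceGroup", "name": "myRedis", "enable_non_ssl_port": False}},
    {"name": "Non SSL Undefined", "azure_rm_rediscache": {
        "resource_group": "myResourceGroup", "name": "myRedis"}},
    {"name": "Non SSL Allowed", "azure_rm_rediscache": {
        "resource_group": "myResourceGroup", "name": "myRedis", "enable_non_ssl_port": True}},
    {"name": "Wrapper", "block": [
        {"name": "Quoted yes", "azure.azcollection.azure_rm_rediscache": {
            "resource_group": "my-rg", "name": "my-redis", "enable_non_ssl_port": "yes"}}]},
]

if __name__ == "__main__":
    for location, name in find_violations(SAMPLE_TASKS):
        print(f"{location}: {name!r} sets enable_non_ssl_port to a true value")
```

A value that is only known at run time, such as a Jinja variable, is not flagged by this sketch and needs a manual review.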
