Support Lettuce SSL/TLS Verification Modes

[philsttr]

Lettuce 6.1.0.RELEASE added support for three SSL/TLS verification modes (SslVerifyMode):

• NONE (corresponds with setVerifyPeer(false))
• CA (only verifies the CA and cert, without verifying the hostname matches)
• FULL (corresponds with setVerifyPeer(true))

The new CA mode is most helpful for cluster mode, where the seed connection is made via hostname (and thus matches hostnames in the certificate), but then cluster node connections are made by IP address (which typically do not appear in SubjectAltNames of the certificate, particularly for redis instances from cloud providers).

Currently, Spring Data Redis only supports setVerifyPeer(boolean). I would like Spring Data Redis to support the three verification modes that Lettuce >= 6.1 now supports.

[philsttr]

Also somewhat related, I filed redis/lettuce#2837 to request an enhancement to verification modes to better secure connecting to redis in cluster mode from cloud providers.

[AnneMayor]

I think this is a good issue to approach for me. I am going to open PR within this weekend :)

[AnneMayor]

Since I have to do my work as soon as quickly I am going to open this PR until the end of June. Thanks.

[baojian123]

Hi @AnneMayor, I have opened a PR on this issue.

[AnneMayor]

Thank, @baojian123 👍