ProFTPD module mod_tls_redis

The mod_tls_redis submodule is contained in the mod_tls_redis.c file, and is not compiled by default. Installation instructions are discussed here.

This submodule a Redis-based implementation of an external SSL session cache for use by the mod_tls module's TLSSessionCache directive. The module also implements a Redis-based implementation of an external OCSP response cache for the TLSStaplingCache directive.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (

This product includes cryptographic software written by Eric Young (


Please contact TJ Saunders <tj at> with any questions, concerns, or suggestions regarding this module.

The mod_tls_redis module supports the "redis" string for the type parameter of the TLSSessionCache configuration directive. The info parameter for mod_tls_redis can be empty/blank, indicating JSON encoding of the cached data. This means that the TLSSessionCache setting would look like:

  # Use JSON encoding for caching data using Redis
  TLSSessionCache redis:
If Redis support has not been enabled in your ProFTPD, this configuration cannot be used.

The mod_tls_redis module also supports the "redis" string for the type parameter of the TLStaplingCache configuration directive, e.g.:

  TLSStaplingCache redis:


  <IfModule mod_redis.c>
    RedisEngine on
    RedisServer redis-server

  <IfModule mod_tls.c>

    <IfModule mod_tls_redis.c>
      TLSSessionCache redis:
      TLSStaplingCache redis:

The mod_tls_redis module supports trace logging, via the module-specific log channels:

Thus for trace logging, to aid in debugging, you would use the following in your proftpd.conf:
  TraceLog /path/to/ftpd/trace.log
  Trace tls.redis:20
This trace logging can generate large files; it is intended for debugging use only, and should be removed from any production configuration.


The mod_tls_redis module is distributed with the ProFTPD source code. Simply follow the normal steps for using third-party modules in ProFTPD, being sure to include the mod_tls module (on which mod_tls_redis depends), and enabling redis support:
  $ ./configure --enable-redis --with-modules=mod_tls:mod_tls_redis
  $ make
  $ make install

Alternatively, if your proftpd was compiled with DSO support, you can use the prxs tool to build mod_tls_redis as a shared module:

  $ prxs -c -i -d mod_tls_redis.c

© Copyright 2017 TJ Saunders
All Rights Reserved