Heroku Redis Add-On Error error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Question

After upgrading my Heroku Redis add-on to v6.2.3 from v4, Heroku papertrail logs display this error: Error accepting a client connection: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
I am connecting to Redis using NodeJs and the bull npm package (https://www.npmjs.com/package/bull). I found similar questions related to this error, along with Heroku documentation, and based on that I have set my bull redis options to the following:

redis: {
    host: redisURL.hostname,
    port: Number(redisURL.port),
    password: redisURL.password,
    tls: {
      rejectUnauthorized: false,
    },
  },

Note the tls parameter. I have set it to Heroku's recommendations here: https://devcenter.heroku.com/articles/heroku-redis#connecting-in-node-js

After getting stuck for a while, I attempted to simply comment out any client code that connects to Redis, delete the add-on, and re-provision the add-on. I expected to see no redis logs in papertrail when I did this, but I still see the same error, even when no code that connects to redis is being run... This leads me to believe maybe it's a setting on the actual Redis add-on instance, rather than an issue with my code, but I am at a loss.

Updates:

I logged into the redis:cli and did some investigation. client list reveals 2 client connections. 1 is the instance of the redis:cli I am running in my terminal, and another is the a client with a flag that means "the client is a replica node connection to this instance" (see https://redis.io/commands/client-list). What is interesting is the error that is being logged in papertrail shows the file descriptor for the client connection that is having the SSL error fd=12, while the 2 clients shown in client list have the file descriptors fd=10 and fd=11. So there must be another client connection with fd=12 that isn't appearing in client list command causing the error shown above.

Answer 1

Ran into the same problem. In addition to rejectUnauthorized: false, adding requestCert: true, solved it for me. In addition, some clients need agent: false, (but the version of Bull I'm using doesn't recognise that argument)

  redis: {
    host: redisURL.hostname,
    port: Number(redisURL.port),
    password: redisURL.password,
    tls: {
      rejectUnauthorized: false,
      requestCert: true,
      // agent: false, (not all clients accept this)
    },
  },

Answer 2

Jasper Kennis' answer is correct. Adding tls: {rejectUnauthorized: false} fixed this issue for me. Unfortunately, Heroku only gives you a full REDIS_URL connection string, so you need to parse the password/host/port yourself (you can't specify both a URL and tls settings). Here's my BullModule.forRoot() config object if it helps:

redis: {
    password: process.env.REDIS_URL.split('@')[0].split(':')[2],
    host: process.env.REDIS_URL.split('@')[1].split(':')[0],
    port: parseInt(process.env.REDIS_URL.split('@')[1].split(':')[1]),
    tls: { rejectUnauthorized: false },
  }

Using: @nestjs/bull: 0.6.0, Heroku redis: 6.2.3