From 60abd8691011b2258b7b83e9b8adbec8cac51d41 Mon Sep 17 00:00:00 2001
From: Antonio Torres <201475551+atgitwk@users.noreply.github.com>
Date: Sun, 13 Jul 2025 23:48:39 +0200
Subject: [PATCH 1/2] Add the ability to use TLS to the redis-session extension

---
 extensions/sessions/extension.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/extensions/sessions/extension.py b/extensions/sessions/extension.py
index c489f98f1..bf5759b46 100644
--- a/extensions/sessions/extension.py
+++ b/extensions/sessions/extension.py
@@ -48,7 +48,13 @@ def __init__(self, ctx, info):
         BaseSetup.__init__(self, ctx, info)
 
     def session_save_path(self):
-        return "tcp://%s:%s?auth=%s" % (
+        uri = self.creds.get('uri', '')
+        if uri.startswith('rediss://'):
+            scheme = 'tls'
+        else:
+            scheme = 'tcp'
+        return "%s://%s:%s?auth=%s" % (
+            scheme,
             self.creds.get('hostname',
                            self.creds.get('host', 'not-found')),
             self.creds.get('port', 'not-found'),

From 3b19b4f480c2a56caa5869effec2cf7859da0f31 Mon Sep 17 00:00:00 2001
From: Antonio Torres <201475551+atgitwk@users.noreply.github.com>
Date: Wed, 18 Feb 2026 14:28:41 +0100
Subject: [PATCH 2/2] add the ability to use TLS to the redis-session extension
 (Go version)

---
 src/php/extensions/sessions/sessions.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/php/extensions/sessions/sessions.go b/src/php/extensions/sessions/sessions.go
index b7adec9d5..c08f770ea 100644
--- a/src/php/extensions/sessions/sessions.go
+++ b/src/php/extensions/sessions/sessions.go
@@ -73,7 +73,17 @@ func (r *RedisSetup) SessionSavePath() string {
 		password = fmt.Sprintf("%v", pw)
 	}
 
-	return fmt.Sprintf("tcp://%s:%s?auth=%s", hostname, port, password)
+   // For now, tls scheme only uses OS default SSL context (eg. from /etc/pki/*)
+   // TODO: Try to add SSL context options (https://www.php.net/manual/en/context.ssl.php), but I don't known if they are all supported by PHP Redis session.save_path URL.
+	scheme := "tcp"
+	if u, ok := r.credentials["uri"]; ok {
+		uri := fmt.Sprintf("%v", u)
+		if strings.HasPrefix(uri, "rediss://") {
+			scheme = "tls"
+		}
+	}
+
+	return fmt.Sprintf("%s://%s:%s?auth=%s", scheme, hostname, port, password)
 }
 
 // ExtensionName returns the PHP extension name