diff --git a/azurerm/internal/services/redis/data_source_redis_cache.go b/azurerm/internal/services/redis/data_source_redis_cache.go
index 1125b61068bb..8e183cd82623 100644
--- a/azurerm/internal/services/redis/data_source_redis_cache.go
+++ b/azurerm/internal/services/redis/data_source_redis_cache.go
@@ -289,8 +289,9 @@ func dataSourceArmRedisCacheRead(d *schema.ResourceData, meta interface{}) error
 	d.Set("secondary_access_key", keys.SecondaryKey)
 
 	if props != nil {
-		d.Set("primary_connection_string", getRedisConnectionString(*props.HostName, *props.SslPort, *keys.PrimaryKey, *props.EnableNonSslPort))
-		d.Set("secondary_connection_string", getRedisConnectionString(*props.HostName, *props.SslPort, *keys.SecondaryKey, *props.EnableNonSslPort))
+		enableSslPort := !*props.EnableNonSslPort
+		d.Set("primary_connection_string", getRedisConnectionString(*props.HostName, *props.SslPort, *keys.PrimaryKey, enableSslPort))
+		d.Set("secondary_connection_string", getRedisConnectionString(*props.HostName, *props.SslPort, *keys.SecondaryKey, enableSslPort))
 	}
 
 	return tags.FlattenAndSet(d, resp.Tags)
diff --git a/azurerm/internal/services/redis/resource_arm_redis_cache.go b/azurerm/internal/services/redis/resource_arm_redis_cache.go
index 681b615f3b39..52935aebc023 100644
--- a/azurerm/internal/services/redis/resource_arm_redis_cache.go
+++ b/azurerm/internal/services/redis/resource_arm_redis_cache.go
@@ -570,8 +570,9 @@ func resourceArmRedisCacheRead(d *schema.ResourceData, meta interface{}) error {
 	d.Set("secondary_access_key", keysResp.SecondaryKey)
 
 	if props != nil {
-		d.Set("primary_connection_string", getRedisConnectionString(*props.HostName, *props.SslPort, *keysResp.PrimaryKey, *props.EnableNonSslPort))
-		d.Set("secondary_connection_string", getRedisConnectionString(*props.HostName, *props.SslPort, *keysResp.SecondaryKey, *props.EnableNonSslPort))
+		enableSslPort := !*props.EnableNonSslPort
+		d.Set("primary_connection_string", getRedisConnectionString(*props.HostName, *props.SslPort, *keysResp.PrimaryKey, enableSslPort))
+		d.Set("secondary_connection_string", getRedisConnectionString(*props.HostName, *props.SslPort, *keysResp.SecondaryKey, enableSslPort))
 	}
 
 	return tags.FlattenAndSet(d, resp.Tags)
diff --git a/azurerm/internal/services/redis/tests/resource_arm_redis_cache_test.go b/azurerm/internal/services/redis/tests/resource_arm_redis_cache_test.go
index c6a8dd1bdaff..fb8c4df2f126 100644
--- a/azurerm/internal/services/redis/tests/resource_arm_redis_cache_test.go
+++ b/azurerm/internal/services/redis/tests/resource_arm_redis_cache_test.go
@@ -3,6 +3,7 @@ package tests
 import (
 	"fmt"
 	"net/http"
+	"strings"
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
@@ -20,12 +21,35 @@ func TestAccAzureRMRedisCache_basic(t *testing.T) {
 		CheckDestroy: testCheckAzureRMRedisCacheDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccAzureRMRedisCache_basic(data),
+				Config: testAccAzureRMRedisCache_basic(data, true),
 				Check: resource.ComposeTestCheckFunc(
 					testCheckAzureRMRedisCacheExists(data.ResourceName),
 					resource.TestCheckResourceAttrSet(data.ResourceName, "minimum_tls_version"),
 					resource.TestCheckResourceAttrSet(data.ResourceName, "primary_connection_string"),
 					resource.TestCheckResourceAttrSet(data.ResourceName, "secondary_connection_string"),
+					testCheckSSLInConnectionString(data.ResourceName, "primary_connection_string", true),
+					testCheckSSLInConnectionString(data.ResourceName, "secondary_connection_string", true),
+				),
+			},
+			data.ImportStep(),
+		},
+	})
+}
+
+func TestAccAzureRMRedisCache_withoutSSL(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_redis_cache", "test")
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { acceptance.PreCheck(t) },
+		Providers:    acceptance.SupportedProviders,
+		CheckDestroy: testCheckAzureRMRedisCacheDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAzureRMRedisCache_basic(data, false),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMRedisCacheExists(data.ResourceName),
+					testCheckSSLInConnectionString(data.ResourceName, "primary_connection_string", false),
+					testCheckSSLInConnectionString(data.ResourceName, "secondary_connection_string", false),
 				),
 			},
 			data.ImportStep(),
@@ -42,7 +66,7 @@ func TestAccAzureRMRedisCache_requiresImport(t *testing.T) {
 		CheckDestroy: testCheckAzureRMRedisCacheDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccAzureRMRedisCache_basic(data),
+				Config: testAccAzureRMRedisCache_basic(data, true),
 				Check: resource.ComposeTestCheckFunc(
 					testCheckAzureRMRedisCacheExists(data.ResourceName),
 				),
@@ -416,6 +440,7 @@ func TestAccAzureRMRedisCache_WithoutAuth(t *testing.T) {
 		},
 	})
 }
+
 func testCheckAzureRMRedisCacheExists(resourceName string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		conn := acceptance.AzureProvider.Meta().(*clients.Client).Redis.Client
@@ -472,7 +497,7 @@ func testCheckAzureRMRedisCacheDestroy(s *terraform.State) error {
 	return nil
 }
 
-func testAccAzureRMRedisCache_basic(data acceptance.TestData) string {
+func testAccAzureRMRedisCache_basic(data acceptance.TestData, requireSSL bool) string {
 	return fmt.Sprintf(`
 provider "azurerm" {
   features {}
@@ -490,17 +515,17 @@ resource "azurerm_redis_cache" "test" {
   capacity            = 1
   family              = "C"
   sku_name            = "Basic"
-  enable_non_ssl_port = false
+  enable_non_ssl_port = %t
   minimum_tls_version = "1.2"
 
   redis_configuration {
   }
 }
-`, data.RandomInteger, data.Locations.Primary, data.RandomInteger)
+`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, !requireSSL)
 }
 
 func testAccAzureRMRedisCache_requiresImport(data acceptance.TestData) string {
-	template := testAccAzureRMRedisCache_basic(data)
+	template := testAccAzureRMRedisCache_basic(data, true)
 	return fmt.Sprintf(`
 %s
 
@@ -1037,3 +1062,23 @@ resource "azurerm_redis_cache" "test" {
 }
 `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger)
 }
+
+func testCheckSSLInConnectionString(resourceName string, propertyName string, requireSSL bool) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		// Ensure we have enough information in state to look up in API
+		rs, ok := s.RootModule().Resources[resourceName]
+		if !ok {
+			return fmt.Errorf("Not found: %s", resourceName)
+		}
+
+		connectionString := rs.Primary.Attributes[propertyName]
+		if strings.Contains(connectionString, fmt.Sprintf("ssl=%t", requireSSL)) {
+			return nil
+		}
+		if strings.Contains(connectionString, fmt.Sprintf("ssl=%t", !requireSSL)) {
+			return fmt.Errorf("Bad: wrong SSL setting in connection string: %s", propertyName)
+		}
+
+		return fmt.Errorf("Bad: missing SSL setting in connection string: %s", propertyName)
+	}
+}