TlsTransportSettings

Defined in: src/runtime/tcp/TcpBackend.ts:17

Runtime-neutral TCP transport abstraction consumed by TcpTransport.

Each of Bun / Node.js / Deno exposes TCP with a slightly different API shape (Bun’s callback-based Bun.listen, Node’s EventEmitter-based node:net, Deno’s async-iterable-based Deno.listen). TcpBackend hides the differences so the cluster transport only deals with TcpSocketLike values and a small set of callbacks.

TLS: the tls field on listen/connect carries a runtime-neutral shape; each adapter maps it to the corresponding native configuration. Bun and Node share most field names (cert, key, ca, requestCert/requestClientCert, rejectUnauthorized); Deno wraps everything in its Deno.listenTls / Deno.connectTls shape.

readonly optional ca?: string | Uint8Array<ArrayBufferLike>

Defined in: src/runtime/tcp/TcpBackend.ts:23

Trusted CA bundle — for client-auth validation and peer-cert validation.


readonly optional cert?: string | Uint8Array<ArrayBufferLike>

Defined in: src/runtime/tcp/TcpBackend.ts:19

Server cert (PEM string or DER bytes). If omitted, TLS is disabled on the listener.


readonly optional key?: string | Uint8Array<ArrayBufferLike>

Defined in: src/runtime/tcp/TcpBackend.ts:21

Private key matching cert.


readonly optional rejectUnauthorized?: boolean

Defined in: src/runtime/tcp/TcpBackend.ts:27

Reject outbound connections whose cert isn’t signed by ca. Default: true.


readonly optional requestClientCert?: boolean

Defined in: src/runtime/tcp/TcpBackend.ts:25

Require clients to present a valid cert signed by ca (server-side).


readonly optional serverName?: string

Defined in: src/runtime/tcp/TcpBackend.ts:29

Override SNI hostname sent on outbound connects.
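
The fields above interact: an omitted cert silently yields a plaintext listener, and requestClientCert only means something when ca is set. The following pre-flight check is an added example, not code from this project. The names auditTls, TlsSettings, Role and the finding codes are hypothetical, and the rule that every TLS listener must require client certificates is an assumed policy for a cluster transport.

```typescript
// Added example, not the project's code: auditTls and its finding codes are hypothetical.
// Field names and documented defaults are taken from the reference above.
interface TlsSettings {
  readonly ca?: string | Uint8Array;
  readonly cert?: string | Uint8Array;
  readonly key?: string | Uint8Array;
  readonly rejectUnauthorized?: boolean;
  readonly requestClientCert?: boolean;
  readonly serverName?: string;
}

type Role = "listen" | "connect";

const present = (v?: string | Uint8Array): boolean => v !== undefined && v.length > 0;

function auditTls(role: Role, tls?: TlsSettings): string[] {
  const s: TlsSettings = tls ?? {};
  const findings: string[] = [];
  // A certificate without its private key (or the reverse) cannot be used.
  if (present(s.cert) !== present(s.key)) findings.push("CERT_KEY_MISMATCH");
  if (role === "listen") {
    // Documented: omitting cert disables TLS on the listener.
    if (!present(s.cert)) findings.push("LISTENER_PLAINTEXT");
    // Client certs are validated against ca, so requiring them needs a CA bundle.
    if (s.requestClientCert && !present(s.ca)) findings.push("CLIENT_AUTH_WITHOUT_CA");
    // Assumed policy of this example: cluster peers must authenticate each other.
    if (present(s.cert) && !s.requestClientCert) findings.push("CLIENTS_NOT_AUTHENTICATED");
  } else if (s.rejectUnauthorized === false) {
    // Default is true; only an explicit false turns off peer-certificate validation.
    findings.push("PEER_CERT_NOT_VERIFIED");
  }
  return findings;
}

// Constructed placeholder, not a real certificate or key.
const SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----";
console.log(auditTls("listen", { cert: SAMPLE_PEM, key: SAMPLE_PEM, requestClientCert: true }));
console.log(auditTls("connect", { ca: SAMPLE_PEM, rejectUnauthorized: false }));
```

Running the audit at startup and refusing to start on any finding keeps a misconfigured node from joining the cluster over an unauthenticated or unencrypted link.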