Rustelo/config/features/tls/dev.toml

# TLS Feature Configuration - Development Environment
# Settings optimized for local development (usually disabled)

[features]
tls = false

# TLS Configuration - Development
[server.tls]
enabled = false
cert_path = "certs/dev/server.crt"
key_path = "certs/dev/server.key"
ca_path = "certs/dev/ca.crt"
protocols = ["TLSv1.2", "TLSv1.3"]
ciphers = []  # Use default cipher suite
cert_chain_path = ""

# Self-signed certificate configuration for development
[tls.self_signed]
generate_on_startup = true
common_name = "localhost"
subject_alt_names = ["localhost", "127.0.0.1", "::1"]
key_size = 2048
valid_days = 365
organization = "Rustelo Dev"
country = "US"
state = "Development"
locality = "Local"

# ACME/Let's Encrypt - Disabled for development
[tls.acme]
enabled = false
directory_url = "https://acme-staging-v02.api.letsencrypt.org/directory"
email = "dev@localhost"
domains = ["localhost"]
challenge_type = "http"
key_type = "rsa2048"

# mTLS (Mutual TLS) - Disabled for development
[tls.mtls]
enabled = false
client_ca_path = "certs/dev/client-ca.crt"
verify_client_cert = false
require_client_cert = false

# TLS Session Management - Basic for development
[tls.session]
timeout = 3600  # 1 hour
cache_size = 1000
resumption_enabled = false

# Security Settings - Relaxed for development
[tls.security]
min_version = "TLSv1.2"
max_version = "TLSv1.3"
prefer_server_ciphers = true
enable_sni = true
enable_ocsp_stapling = false
enable_hsts = false
hsts_max_age = 0
hsts_include_subdomains = false

# Development Settings
[tls.development]
allow_self_signed = true
skip_verification = true
log_handshake_errors = true
chore: add config path 2025-07-07 23:13:01 +01:00			`# TLS Feature Configuration - Development Environment`
			`# Settings optimized for local development (usually disabled)`

			`[features]`
			`tls = false`

			`# TLS Configuration - Development`
			`[server.tls]`
			`enabled = false`
			`cert_path = "certs/dev/server.crt"`
			`key_path = "certs/dev/server.key"`
			`ca_path = "certs/dev/ca.crt"`
			`protocols = ["TLSv1.2", "TLSv1.3"]`
			`ciphers = [] # Use default cipher suite`
			`cert_chain_path = ""`

			`# Self-signed certificate configuration for development`
			`[tls.self_signed]`
			`generate_on_startup = true`
			`common_name = "localhost"`
			`subject_alt_names = ["localhost", "127.0.0.1", "::1"]`
			`key_size = 2048`
			`valid_days = 365`
			`organization = "Rustelo Dev"`
			`country = "US"`
			`state = "Development"`
			`locality = "Local"`

			`# ACME/Let's Encrypt - Disabled for development`
			`[tls.acme]`
			`enabled = false`
			`directory_url = "https://acme-staging-v02.api.letsencrypt.org/directory"`
			`email = "dev@localhost"`
			`domains = ["localhost"]`
			`challenge_type = "http"`
			`key_type = "rsa2048"`

			`# mTLS (Mutual TLS) - Disabled for development`
			`[tls.mtls]`
			`enabled = false`
			`client_ca_path = "certs/dev/client-ca.crt"`
			`verify_client_cert = false`
			`require_client_cert = false`

			`# TLS Session Management - Basic for development`
			`[tls.session]`
			`timeout = 3600 # 1 hour`
			`cache_size = 1000`
			`resumption_enabled = false`

			`# Security Settings - Relaxed for development`
			`[tls.security]`
			`min_version = "TLSv1.2"`
			`max_version = "TLSv1.3"`
			`prefer_server_ciphers = true`
			`enable_sni = true`
			`enable_ocsp_stapling = false`
			`enable_hsts = false`
			`hsts_max_age = 0`
			`hsts_include_subdomains = false`

			`# Development Settings`
			`[tls.development]`
			`allow_self_signed = true`
			`skip_verification = true`
			`log_handshake_errors = true`