# TLS Feature Configuration - Development Environment
# Settings optimized for local development (usually disabled)

[features]
tls = false

# TLS Configuration - Development
[server.tls]
enabled = false
cert_path = "certs/dev/server.crt"
key_path = "certs/dev/server.key"
ca_path = "certs/dev/ca.crt"
protocols = ["TLSv1.2", "TLSv1.3"]
ciphers = []  # Use default cipher suite
cert_chain_path = ""

# Self-signed certificate configuration for development
[tls.self_signed]
generate_on_startup = true
common_name = "localhost"
subject_alt_names = ["localhost", "127.0.0.1", "::1"]
key_size = 2048
valid_days = 365
organization = "Rustelo Dev"
country = "US"
state = "Development"
locality = "Local"

# ACME/Let's Encrypt - Disabled for development
[tls.acme]
enabled = false
directory_url = "https://acme-staging-v02.api.letsencrypt.org/directory"
email = "dev@localhost"
domains = ["localhost"]
challenge_type = "http"
key_type = "rsa2048"

# mTLS (Mutual TLS) - Disabled for development
[tls.mtls]
enabled = false
client_ca_path = "certs/dev/client-ca.crt"
verify_client_cert = false
require_client_cert = false

# TLS Session Management - Basic for development
[tls.session]
timeout = 3600  # 1 hour
cache_size = 1000
resumption_enabled = false

# Security Settings - Relaxed for development
[tls.security]
min_version = "TLSv1.2"
max_version = "TLSv1.3"
prefer_server_ciphers = true
enable_sni = true
enable_ocsp_stapling = false
enable_hsts = false
hsts_max_age = 0
hsts_include_subdomains = false

# Development Settings
[tls.development]
allow_self_signed = true
skip_verification = true
log_handshake_errors = true