Enum TlsMode

Namespace

NATS.Client.Core

Assembly

NATS.Client.Core.dll

TLS mode to use during connection.

public enum TlsMode

Fields

Auto = 0

For connections that use the "nats://" scheme and don't supply Client or CA Certificates - same as Prefer. For connections that use the "tls://" scheme or supply Client or CA Certificates - same as Require.

When this resolves to Prefer, TLS is opportunistic: the connection may remain plaintext depending on the server's INFO response. Use the tls:// scheme or set Require explicitly when TLS is required.

Disable = 4

Disabled mode will not attempt to upgrade the connection to TLS.

Implicit = 3

Upgrades the connection to TLS as soon as the connection is established.

Prefer = 1

If the server supports TLS, then use it; otherwise, use plain-text.

This is an opportunistic TLS mode. The TLS decision is based on the server's INFO message, which arrives over plaintext before any encryption is established. On an untrusted network the connection may remain plaintext.

When connecting directly, this mode upgrades to TLS if the server supports it. Behind a TLS-terminating proxy, use Disable instead, as the client may attempt a TLS upgrade that the nats-server cannot complete.

If TLS is required, use the tls:// scheme or set Require explicitly.

Require = 2

Forces the connection to upgrade to TLS. if the Server does not support TLS, then fail the connection.

Remarks

Only Require and Implicit provide the full protection that TLS can offer. Other modes may fall back to plaintext depending on server configuration.