Trojan Rust

TLS Settings

Client TLS configuration for SNI, ALPN, and certificate verification

TLS Options

Option       Type    Default   Description
sni          string  auto      Server Name Indication hostname
alpn         list    []        ALPN protocol negotiation
skip_verify  bool    false     Skip certificate verification
ca           string  optional  Custom CA certificate path

Server Name Indication (SNI)

By default, the SNI hostname is extracted from the remote address. Override it with:

[client.tls]
sni = "custom-hostname.example.com"

This is useful when the server's TLS certificate uses a different domain than the connection address.

ALPN Configuration

[client.tls]
alpn = ["h2", "http/1.1"]

ALPN (Application-Layer Protocol Negotiation) is advertised during the TLS handshake. Match the server's ALPN configuration for compatibility.

Custom CA Certificate

To connect to a server using a self-signed certificate or a private CA:

[client.tls]
ca = "/path/to/server-ca.pem"

The client will trust certificates signed by this CA in addition to the system certificate store.

Skip Verification (Debug Only)

For testing with self-signed certificates where you don't have the CA:

[client.tls]
skip_verify = true

Do not use in production. This disables all certificate validation, making the connection vulnerable to man-in-the-middle attacks.
