Skip to content

feat: add native-tls as an optional TLS backend#631

Merged
alexhancock merged 1 commit intomodelcontextprotocol:mainfrom
r0x0d:feat/native-tls-support
Feb 4, 2026
Merged

feat: add native-tls as an optional TLS backend#631
alexhancock merged 1 commit intomodelcontextprotocol:mainfrom
r0x0d:feat/native-tls-support

Conversation

@r0x0d
Copy link
Contributor

@r0x0d r0x0d commented Jan 27, 2026

Add reqwest-native-tls feature flag to allow users to choose between rustls (default) and native-tls for HTTP transports.

native-tls uses platform-native TLS implementations:

  • OpenSSL on Linux
  • Secure Transport on macOS
  • SChannel on Windows

Motivation and Context

This is particularly useful for Linux distribution packagers who need to link against system TLS libraries (e.g., OpenSSL) rather than bundling a separate TLS implementation. Linking against system libs ensures security updates are applied system-wide and satisfies distribution packaging policies.

How Has This Been Tested?

Ran cargo test locally, but it seems that even the default upstream tests are failing right now.

Breaking Changes

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed

Additional context

@r0x0d
feat: add native-tls as an optional TLS backend
127f56c 
Add reqwest-native-tls feature flag to allow users to choose between
rustls (default) and native-tls for HTTP transports.

native-tls uses platform-native TLS implementations:
- OpenSSL on Linux
- Secure Transport on macOS
- SChannel on Windows

This is particularly useful for Linux distribution packagers who need
to link against system TLS libraries (e.g., OpenSSL) rather than
bundling a separate TLS implementation. Linking against system libs
ensures security updates are applied system-wide and satisfies
distribution packaging policies.

Updated documentation to explain the available TLS backend options.
@github-actions github-actions bot added T-documentation Documentation improvements T-dependencies Dependencies related changes T-config Configuration file changes labels Jan 27, 2026
@jokemanfire jokemanfire requested a review from Copilot January 30, 2026 01:32
Copilot AI reviewed Jan 30, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds an opt-in reqwest-native-tls feature to let consumers choose platform-native TLS (vs rustls) for reqwest-based HTTP usage, primarily to support distro packaging requirements.

Changes:

  • Adds a new Cargo feature (reqwest-native-tls) that enables reqwest’s native-tls backend.
  • Updates the crate README feature-flag documentation to describe available TLS backend options.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
crates/rmcp/Cargo.toml Introduces reqwest-native-tls feature flag wiring to reqwest?/native-tls.
crates/rmcp/README.md Documents TLS backend feature options for HTTP transports.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

crates/rmcp/README.md
Comment on lines 277 to 278


Copy link

Copilot AI Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This section lists the TLS backend flags, but it doesn’t clarify (a) that they’re intended to be mutually exclusive and (b) that transport-streamable-http-client-reqwest / auth only enable the reqwest dependency (__reqwest) and still require exactly one of these TLS backend features to support https. Adding a short note about the required feature combinations would prevent misconfiguration and surprising runtime errors.

Suggested change
These TLS backend features are intended to be mutually exclusive: enable at most one of them at a time. When using
`transport-streamable-http-client-reqwest` or `auth`, those features only enable the `reqwest` dependency (`__reqwest`)
and do not select a TLS backend for you; to support HTTPS, you must also enable exactly one of the TLS backend features
listed above.

Copilot uses AI. Check for mistakes.
Copilot AI reviewed Jan 30, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@alexhancock alexhancock merged commit bfd9cc0 into modelcontextprotocol:main Feb 4, 2026
17 checks passed
@github-actions github-actions bot mentioned this pull request Feb 4, 2026
Open
@r0x0d r0x0d deleted the feat/native-tls-support branch February 4, 2026 10:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@alexhancock alexhancock alexhancock approved these changes

Assignees

No one assigned

Labels

T-config Configuration file changes T-dependencies Dependencies related changes T-documentation Documentation improvements

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@r0x0d @alexhancock