TLS support in transport between RAFT nodes.

Apr 29, 2024, 12:45:57 PM
to raft-dev

It uses the default NetworkTransport implemented out of the box. 

I am trying to understand how we can enable TLS on the transport used between the RAFT nodes, so that all heartbeat and data updates are done over a secure transport. 

The NetworkTransport does discuss TLS, but it is not clear how it is achieved. 

NetworkTransport provides a network based transport that can be used to communicate with Raft on remote machines. It requires an underlying stream layer to provide a stream abstraction, which can be simple TCP, TLS, etc.


Diego Ongaro

Apr 29, 2024, 9:50:18 PM
Hi AJ,

From the docs, it sounds like you're supposed to implement the StreamLayer interface and then pass your implementation into NewNetworkTransport. Maybe that's enough to point you in the right direction.

A better place for this question may be the hashicorp/raft issue tracker: . This issue from 2017 looks relevant:

Hope this helps,


Philip O'Toole

Apr 30, 2024, 12:56:27 PM
Wrap your TLS Listener (and Dialer) in this interface:

and then pass it to:

Then pass that Network Transport object to the rest of the Hashicorp code. This is basically what rqlite does (see though it's more complicated as it multiplexes a couple of logical connections over the single physical TLS connection).

