Disable resumption

rpxy-lib/Cargo.toml

@@ -87,7 +87,7 @@ hyper-rustls = { version = "0.27.7", default-features = false, features = [
 # tls and cert management for server
 rpxy-certs = { path = "../rpxy-certs/", default-features = false }
 hot_reload = "0.2.0"
-rustls = { version = "0.23.32", default-features = false }
+rustls = { version = "0.23.32", default-features = false, features = ["std"] }
 boring-rustls-provider = { git = "https://github.com/janrueth/boring-rustls-provider.git", rev = "490340afa77e2c08fc45853124f99d49f4f9f8a0", optional = true }
 rustls-openssl = { version = "0.3.0", default-features = false, features = ["tls12"], optional = true }
 rustls-post-quantum = { version = "0.2.4", optional = true }

rpxy-lib/src/forwarder/client.rs

@@ -216,11 +216,18 @@ where
     info!("Rustls backend: Mozilla WebPKI root certs used for backend connections");
 
     #[cfg(not(feature = "webpki-roots"))]
-    let builder = hyper_rustls::HttpsConnectorBuilder::new().with_platform_verifier();
-    #[cfg(not(feature = "webpki-roots"))]
-    let builder_h2 = hyper_rustls::HttpsConnectorBuilder::new().with_platform_verifier();
-    #[cfg(not(feature = "webpki-roots"))]
-    info!("Rustls backend: Platform verifier used for backend connections");
+    let (builder, builder_h2) = {
+      use rustls::{ClientConfig, client::Resumption};
+      use hyper_rustls::ConfigBuilderExt;
+      let mut client_config = ClientConfig::builder()
+        .try_with_platform_verifier().unwrap()
+        .with_no_client_auth();
+      client_config.resumption = Resumption::disabled();
+      let builder = hyper_rustls::HttpsConnectorBuilder::new().with_tls_config(client_config.clone());
+      let builder_h2 = hyper_rustls::HttpsConnectorBuilder::new().with_tls_config(client_config);
+      info!("Rustls backend: Platform verifier used for backend connections");
+      (builder, builder_h2)
+    };
 
     let mut http = HttpConnector::new();
     http.enforce_http(false);