I believe custom tlsconfigs has to be set using nats.Secure().

Again, this works today only due to chance and due to flow of nats.go which can change at any time. This feature has to go into nats.go please engage there and add an option so it's done right and we know it will work and be maintained in the long term.

What makes me a little confusion is the Description of nats.Secure() :

// Secure is an Option to enable TLS secure connections that skip server verification by default.
// Pass a TLS Configuration for proper TLS.
// A TLS Configuration using InsecureSkipVerify should NOT be used in a production setting.

In my first PR i tried to use nats.Secure() to enable InsecureSkipVerify, this only works if i supply a tls.Config{} struct. So currently nats.Secure() is broken because it doesnt handle the mentioned Auth things?

Secure() without a tlsc sets the Secure option true

https://github.com/nats-io/nats.go/blob/c693ec3784c00cf5f9ad9c0f4010b352482ab86d/nats.go#L880

Later this is called that will create a tlsc and set all the things so just calling Secure() would be fine

https://github.com/nats-io/nats.go/blob/c693ec3784c00cf5f9ad9c0f4010b352482ab86d/nats.go#L2088

if you do want to set a tls at least also set MinVersion: tls.VersionTLS12 here

But all that aside, I am still not happy supporting this option.

Why is your TLS setup broken that you need this?

This is for development env, I embedded nats js server and didnt want to use plain connection, plain is way more insecure than using a self signed tls.

I have tested just calling nats.Secure() without an tls.Config and the tls failure still exists.

if nats.Secure() doesn't do it, then again this should be fixed in nats.go

I strongly believe delegating tls setup to nats.go is the right thing to do - as security design, minimal versions or other constraints evolve we will forget to do same here when done in nats.go. Relying on nats.go to do the right thing is the safest behaviour.

Ok i will prepare a PR for that