From a5e166e0b021bc091221d7316ec1abf65278545c Mon Sep 17 00:00:00 2001
From: Kristofers Solo <dev@kristofers.xyz>
Date: Wed, 25 Feb 2026 16:26:28 +0200
Subject: [PATCH] feat(runner): disable certificate caching

---
 runner/src/main.rs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/runner/src/main.rs b/runner/src/main.rs
index 7ba88d0..4487229 100644
--- a/runner/src/main.rs
+++ b/runner/src/main.rs
@@ -19,6 +19,7 @@ use runner::{
 use rustls::{
     ClientConfig, DigitallySignedStruct, SignatureScheme,
     client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier},
+    compress::CompressionCache,
     crypto::aws_lc_rs::{
         self,
         kx_group::{X25519, X25519MLKEM768},
@@ -104,7 +105,7 @@ fn build_tls_config(mode: KeyExchangeMode) -> miette::Result<ClientConfig> {
         KeyExchangeMode::X25519Mlkem768 => vec![X25519MLKEM768],
     };
 
-    let config = ClientConfig::builder_with_provider(Arc::new(provider))
+    let mut config = ClientConfig::builder_with_provider(Arc::new(provider))
         .with_protocol_versions(&[&TLS13])
         .into_diagnostic()
         .context("failed to set TLS versions")?
@@ -112,6 +113,8 @@ fn build_tls_config(mode: KeyExchangeMode) -> miette::Result<ClientConfig> {
         .with_custom_certificate_verifier(Arc::new(NoVerifier))
         .with_no_client_auth();
 
+    config.cert_compression_cache = Arc::new(CompressionCache::Disabled);
+
     Ok(config)
 }