/** TLS configuration options. */
export interface TLSConfig {
    /**
     * Overrides the target name (SNI) used for TLS host name checking.
     * If this attribute is not specified, the name used for TLS host name checking will be the host from {@link ServerOptions.url}.
     * This can be useful when you have reverse proxy in front of temporal server, and you may want to override the SNI to
     * direct traffic to the appropriate backend server based on custom routing rules. Oppositely, connections could be refused
     * if the provided SNI does not match the expected host. Adding this override should be done with care.
     */
    serverNameOverride?: string;
    /**
     * Root CA certificate used by the server. If not set, and the server's
     * cert is issued by someone the operating system trusts, verification will still work (ex: Cloud offering).
     */
    serverRootCACertificate?: Uint8Array;
    /** Sets the client certificate and key for connecting with mTLS */
    clientCertPair?: {
        /** The certificate for this client */
        crt: Uint8Array;
        /** The private key for this client */
        key: Uint8Array;
    };
}
/**
 * TLS configuration.
 * Pass a falsy value to use a non-encrypted connection or `true` or `{}` to
 * connect with TLS without any customization.
 */
export type TLSConfigOption = TLSConfig | boolean | undefined | null;
/**
 * Normalize {@link TLSConfigOption} by turning false and null to undefined and true to and empty object
 */
export declare function normalizeTlsConfig(tls: TLSConfigOption, apiKey?: string | (() => string) | undefined): TLSConfig | undefined;