Function serve_tls 

pub async fn serve_tls(
    listener: TcpListener,
    tls_config: Arc<ServerConfig>,
    app: Router,
    shutdown_token: CancellationToken,
) -> Result<(), NodeError>

Serves an axum router over TLS using the provided rustls::ServerConfig.

Accepts TCP connections from listener, performs the TLS handshake via tokio_rustls::TlsAcceptor, then hands each connection to hyper for HTTP/1.1 or HTTP/2 serving (auto-detected via ALPN). WebSocket upgrades (/scp/v1) work transparently through hyper’s serve_connection_with_upgrades.

The loop terminates when shutdown_token is cancelled. In-flight connections are given a grace period to drain — the accept loop stops immediately, but spawned connection tasks run until the connection closes or the runtime shuts down.

See spec section 18.6.3 (TLS requirement) and 9.13 (TLS 1.3).

Errors

Returns NodeError::Serve on fatal bind or accept errors.