acme/autocert: enable HTTP/2 on listener

Enables HTTP/2 on any servers used with the autocert listener
by setting "h2" in NextProtos of the listener *tls.Config.
Also adds a warning to the listener documentation that it
enables HTTP/2.

Fixes golang/go#20572

Change-Id: If7c0f5722f0b1781789219fc4e84da3f19a89ab7
Reviewed-on: https://go-review.googlesource.com/45630
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
diff --git a/acme/autocert/listener.go b/acme/autocert/listener.go
index d4c93d2..d744df0 100644
--- a/acme/autocert/listener.go
+++ b/acme/autocert/listener.go
@@ -36,6 +36,9 @@
 // operating system-specific cache or temp directory. This may not
 // be suitable for servers spanning multiple machines.
 //
+// The returned listener uses a *tls.Config that enables HTTP/2, and
+// should only be used with servers that support HTTP/2.
+//
 // The returned Listener also enables TCP keep-alives on the accepted
 // connections. The returned *tls.Conn are returned before their TLS
 // handshake has completed.
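Review bot: The added sentence says the listener "should only be used with servers that support HTTP/2" but not what fails otherwise or what a caller should use instead; the identical wording in the hunk at -58,6 has the same gap. Because "h2" is advertised through ALPN, a client can negotiate HTTP/2 and then be handed to a server that only speaks HTTP/1.1 on the accepted *tls.Conn, so the connection breaks after a successful handshake. I would add a sentence such as `// Servers without HTTP/2 support should build their own *tls.Config` / `// around the Manager's GetCertificate rather than use this listener.` The functions these comments document lie outside both hunks.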
@@ -58,6 +61,9 @@
 // Listener listens on the standard TLS port (443) on all interfaces
 // and returns a net.Listener returning *tls.Conn connections.
 //
+// The returned listener uses a *tls.Config that enables HTTP/2, and
+// should only be used with servers that support HTTP/2.
+//
 // The returned Listener also enables TCP keep-alives on the accepted
 // connections. The returned *tls.Conn are returned before their TLS
 // handshake has completed.
@@ -68,7 +74,8 @@
 	ln := &listener{
 		m: m,
 		conf: &tls.Config{
-			GetCertificate: m.GetCertificate, // bonus: panic on nil m
+			GetCertificate: m.GetCertificate,           // bonus: panic on nil m
+			NextProtos:     []string{"h2", "http/1.1"}, // Enable HTTP/2
 		},
 	}
 	ln.tcpListener, ln.tcpListenErr = net.Listen("tcp", ":443")
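Review bot: The trailing comment `// Enable HTTP/2` on the NextProtos line hides that the slice is an ALPN preference list and that "http/1.1" is kept deliberately as the fallback for clients that do not offer h2. I would write it as `// ALPN in preference order: HTTP/2, then HTTP/1.1` so a later edit does not reorder or drop an entry by accident. No test in this patch pins the advertised protocols, so such a regression would presumably go unnoticed; an in-package assertion on the listener's conf.NextProtos would cover it. The enclosing function starts and ends outside the hunk.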