commit 52da8fb2a613f0ad2aa19a22f15352d0ae8731ee
author Filippo Valsorda <filippo@golang.org> Mon Jun 07 07:27:14 2021 -0400
committer Filippo Valsorda <filippo@golang.org> Thu Jun 10 12:43:26 2021 +0000
tree 256868523f14874b3c25735037fe78c727d4e404
parent abc453219eb586afb3fc1742e8c685c28b9f7eea

http2: also set "http/1.1" ALPN in ConfigureServer

With CL 289209, we started enforcing ALPN protocol overlap when both
sides support ALPN. This means that an "http/1.1"-only ALPN-aware client
will fail to connect to a server with only "h2" in NextProtos.
Unfortunately, that's how ConfigureServer was setting up the tls.Config.

The new behavior mirrors ConfigureTransport on the client side (but not
Transport.newTLSConfig because the latter is used to make HTTP/2-only
connections).

Updates golang/go#46310

Change-Id: Idbab7a6f873f3be78104df6f2908895f4d399bd3
Reviewed-on: https://go-review.googlesource.com/c/net/+/325611
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>

http2/server.go

diff --git a/http2/server.go b/http2/server.go
index 09bc705..0ccbe9b 100644
--- a/http2/server.go
+++ b/http2/server.go
@@ -259,16 +259,12 @@
 
 	s.TLSConfig.PreferServerCipherSuites = true
 
-	haveNPN := false
-	for _, p := range s.TLSConfig.NextProtos {
-		if p == NextProtoTLS {
-			haveNPN = true
-			break
-		}
-	}
-	if !haveNPN {
+	if !strSliceContains(s.TLSConfig.NextProtos, NextProtoTLS) {
 		s.TLSConfig.NextProtos = append(s.TLSConfig.NextProtos, NextProtoTLS)
 	}
+	if !strSliceContains(s.TLSConfig.NextProtos, "http/1.1") {
+		s.TLSConfig.NextProtos = append(s.TLSConfig.NextProtos, "http/1.1")
+	}
 
 	if s.TLSNextProto == nil {
 		s.TLSNextProto = map[string]func(*http.Server, *tls.Conn, http.Handler){}