crypto/tls: clarify documentation on tls.Config.NextProtos

This change will aid users to make less mistakes where you, for example, define both HTTP/1.1 and H2, but in the wrong order.

    package main

    import (
        "crypto/tls"
        "net"
    )

    func main() {
        srv := &http.Server{
            TLSConfig: &tls.Config{
                NextProtos: []string{"http/1.1", "h2"},
            },
        }
        srv.ListenAndServeTLS("server.crt", "server.key")
    }

When using major browsers or curl, they will never be served H2 since they also support HTTP/1.0 and the list is processed in order.

Change-Id: Id14098b5e48f624ca308137917874d475c2f22a0
GitHub-Last-Rev: f3594a6411bf7dde71c850f3e85a2b5a21974129
GitHub-Pull-Request: golang/go#28367
Reviewed-on: https://go-review.googlesource.com/c/144387
Reviewed-by: Filippo Valsorda <filippo@golang.org>

diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go
index 50db88eb603b5f3993b6587d485104b33e16b3e7..ba47d565a08400f4ee4c12735184b0b3a0558a8b 100644 (file)
--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@@ -424,7 +424,8 @@ type Config struct {
        // If RootCAs is nil, TLS uses the host's root CA set.
        RootCAs *x509.CertPool
 
-       // NextProtos is a list of supported, application level protocols.
+       // NextProtos is a list of supported application level protocols, in
+       // order of preference.
        NextProtos []string
 
        // ServerName is used to verify the hostname on the returned