From: Pontus Leitzler <leitzler@users.noreply.github.com>
Date: Tue, 30 Oct 2018 07:58:59 +0000 (+0000)
Subject: crypto/tls: clarify documentation on tls.Config.NextProtos
X-Git-Tag: go1.12beta1~589
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=7bada2cf4676938be46cde13e2b8e11e42b5441c;p=gostls13.git

crypto/tls: clarify documentation on tls.Config.NextProtos

This change will aid users to make less mistakes where you, for example, define both HTTP/1.1 and H2, but in the wrong order.

    package main

    import (
        "crypto/tls"
        "net"
    )

    func main() {
        srv := &http.Server{
            TLSConfig: &tls.Config{
                NextProtos: []string{"http/1.1", "h2"},
            },
        }
        srv.ListenAndServeTLS("server.crt", "server.key")
    }

When using major browsers or curl, they will never be served H2 since they also support HTTP/1.0 and the list is processed in order.

Change-Id: Id14098b5e48f624ca308137917874d475c2f22a0
GitHub-Last-Rev: f3594a6411bf7dde71c850f3e85a2b5a21974129
GitHub-Pull-Request: golang/go#28367
Reviewed-on: https://go-review.googlesource.com/c/144387
Reviewed-by: Filippo Valsorda <filippo@golang.org>
---

diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go
index 50db88eb60..ba47d565a0 100644
--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@@ -424,7 +424,8 @@ type Config struct {
 	// If RootCAs is nil, TLS uses the host's root CA set.
 	RootCAs *x509.CertPool
 
-	// NextProtos is a list of supported, application level protocols.
+	// NextProtos is a list of supported application level protocols, in
+	// order of preference.
 	NextProtos []string
 
 	// ServerName is used to verify the hostname on the returned