dns: add ForceAttemptHTTP2 (#7215)

Per https://pkg.go.dev/net/http#hdr-HTTP_2:

> The http package's Transport and Server both automatically enable
HTTP/2 support for simple configurations.

and https://pkg.go.dev/net/http#Transport:

> // If non-nil, HTTP/2 support may not be enabled by default.
>	TLSClientConfig *tls.Config

Since we were setting a non-default TLSClientConfig to trust custom
roots, we accidentally turned off HTTP/2 support. And Unbound requires
HTTP/2 to serve DoH queries.

Also, clone the TLS config just to be safe against possible mutation in
other packages.
Jacob Hoffman-Andrews 2023-12-13 19:18:00 -08:00 committed by GitHub
parent 289284ad6e
commit 81e04ab14c
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions


@ -198,7 +198,8 @@ func New(
hc: http.Client{
Timeout: readTimeout,
Transport: &http.Transport{
TLSClientConfig: tlsConfig,
ForceAttemptHTTP2: true,
TLSClientConfig: tlsConfig.Clone(),
},
},
}
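
Review bot: `ForceAttemptHTTP2: true` in the `http.Transport` literal carries no comment saying why it is needed, so a later cleanup could drop it and silently put the DoH client back on HTTP/1.1. Add a short comment beside it noting that a non-nil `TLSClientConfig` turns off the automatic HTTP/2 setup and that Unbound requires HTTP/2 to serve DoH. The change touches one file and adds no test, so also consider a regression test that asserts the protocol of a response obtained through this client.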