return r.r.Read(b)
}
+// Handles stream encryption for inbound connections.
func handleEncryption(
rw io.ReadWriter,
skeys mse.SecretKeyIter,
cryptoMethod mse.CryptoMethod,
err error,
) {
+ // Tries to start an unencrypted stream.
if !policy.RequirePreferred || !policy.Preferred {
var protocol [len(pp.Protocol)]byte
_, err = io.ReadFull(rw, protocol[:])
if err != nil {
return
}
+ // Put the protocol back into the stream.
rw = struct {
io.Reader
io.Writer
return
}
if policy.RequirePreferred {
+ // We are here because we require unencrypted connections.
err = fmt.Errorf("unexpected protocol string %q and header obfuscation disabled", protocol)
return
}