HTTP/2.0

[tofuproxy.git] / main.go

diff --git a/main.go b/main.go
index 69448ce2a66f53860064e9bde6ba3c0b4ed0f73c..663bf9508980fd9a3600f7f952b4cfdf1d80c825 100644 (file)
--- a/main.go
+++ b/main.go
@@ -42,9 +42,8 @@ var (
        caCert        *x509.Certificate
        caPrv         crypto.PrivateKey
        transport     = http.Transport{
-               ForceAttemptHTTP2: false,
-               TLSNextProto:      make(map[string]func(string, *tls.Conn) http.RoundTripper),
                DialTLSContext:    dialTLS,
+               ForceAttemptHTTP2: true,
        }
        sessionCache = tls.NewLRUClientSessionCache(1024)
 
@@ -62,6 +61,7 @@ func dialTLS(ctx context.Context, network, addr string) (net.Conn, error) {
                        return verifyCert(host, nil, rawCerts, verifiedChains)
                },
                ClientSessionCache: sessionCache,
+               NextProtos:         []string{"h2", "http/1.1"},
        }
        conn, dialErr := tls.Dial(network, addr, &cfg)
        if dialErr != nil {
@@ -83,17 +83,16 @@ func dialTLS(ctx context.Context, network, addr string) (net.Conn, error) {
                }
        }
        connState := conn.ConnectionState()
-       msg := fmt.Sprintf(
-               "%s\t%s %s\t%s",
-               strings.TrimSuffix(addr, ":443"),
-               ucspi.TLSVersion(connState.Version),
-               tls.CipherSuiteName(connState.CipherSuite),
-               spkiHash(connState.PeerCertificates[0]),
-       )
        if connState.DidResume {
-               msg += "\tresumed"
+               sinkTLS <- fmt.Sprintf(
+                       "%s\t%s %s\t%s\t%s",
+                       strings.TrimSuffix(addr, ":443"),
+                       ucspi.TLSVersion(connState.Version),
+                       tls.CipherSuiteName(connState.CipherSuite),
+                       spkiHash(connState.PeerCertificates[0]),
+                       connState.NegotiatedProtocol,
+               )
        }
-       sinkTLS <- msg
        return conn, nil
 }