caCert *x509.Certificate
caPrv crypto.PrivateKey
transport = http.Transport{
- ForceAttemptHTTP2: false,
- TLSNextProto: make(map[string]func(string, *tls.Conn) http.RoundTripper),
DialTLSContext: dialTLS,
+ ForceAttemptHTTP2: true,
}
sessionCache = tls.NewLRUClientSessionCache(1024)
return verifyCert(host, nil, rawCerts, verifiedChains)
},
ClientSessionCache: sessionCache,
+ NextProtos: []string{"h2", "http/1.1"},
}
conn, dialErr := tls.Dial(network, addr, &cfg)
if dialErr != nil {
}
}
connState := conn.ConnectionState()
- msg := fmt.Sprintf(
- "%s\t%s %s\t%s",
- strings.TrimSuffix(addr, ":443"),
- ucspi.TLSVersion(connState.Version),
- tls.CipherSuiteName(connState.CipherSuite),
- spkiHash(connState.PeerCertificates[0]),
- )
if connState.DidResume {
- msg += "\tresumed"
+ sinkTLS <- fmt.Sprintf(
+ "%s\t%s %s\t%s\t%s",
+ strings.TrimSuffix(addr, ":443"),
+ ucspi.TLSVersion(connState.Version),
+ tls.CipherSuiteName(connState.CipherSuite),
+ spkiHash(connState.PeerCertificates[0]),
+ connState.NegotiatedProtocol,
+ )
}
- sinkTLS <- msg
return conn, nil
}