Plumb NextProtos to TLS client config, honor http/2 client preference

Kubernetes-commit: aef05c8dca2c1a9967ebd9a2f67a0bf7fb16f079
2025-09-02 15:45:09 +00:00 · 2019-08-28 09:55:37 -04:00
parent 326ca7a019
commit 696c159e45
8 changed files with 34 additions and 6 deletions
--- a/rest/config.go
+++ b/rest/config.go
@@ -211,6 +211,12 @@ type TLSClientConfig struct {
 	// CAData holds PEM-encoded bytes (typically read from a root certificates bundle).
 	// CAData takes precedence over CAFile
 	CAData []byte
+
+	// NextProtos is a list of supported application level protocols, in order of preference.
+	// Used to populate tls.Config.NextProtos.
+	// To indicate to the server http/1.1 is preferred over http/2, set to ["http/1.1", "h2"] (though the server is free to ignore that preference).
+	// To use only http/1.1, set to ["http/1.1"].
+	NextProtos []string
 }

 var _ fmt.Stringer = TLSClientConfig{}
@@ -236,6 +242,7 @@ func (c TLSClientConfig) String() string {
 		CertData:   c.CertData,
 		KeyData:    c.KeyData,
 		CAData:     c.CAData,
+		NextProtos: c.NextProtos,
 	}
 	// Explicitly mark non-empty credential fields as redacted.
 	if len(cc.CertData) != 0 {
@@ -503,6 +510,7 @@ func AnonymousClientConfig(config *Config) *Config {
 			ServerName: config.ServerName,
 			CAFile:     config.TLSClientConfig.CAFile,
 			CAData:     config.TLSClientConfig.CAData,
+			NextProtos: config.TLSClientConfig.NextProtos,
 		},
 		RateLimiter:        config.RateLimiter,
 		UserAgent:          config.UserAgent,
@@ -541,6 +549,7 @@ func CopyConfig(config *Config) *Config {
 			CertData:   config.TLSClientConfig.CertData,
 			KeyData:    config.TLSClientConfig.KeyData,
 			CAData:     config.TLSClientConfig.CAData,
+			NextProtos: config.TLSClientConfig.NextProtos,
 		},
 		UserAgent:          config.UserAgent,
 		DisableCompression: config.DisableCompression,