net/http: Serve violates tls.Config immutability promise

[FiloSottile]

From tls.Confg docs:

After one has been passed to a TLS function it must not be modified.

But calling Serve will call setupHTTP2, which calls http2ConfigureServer, which will modify the tls.Config. Since by the time you call Serve you must have already called tls.Listen, the immutability promise is broken.

I don't think anything relies on it yet, but nothing stops someone from for example caching the NextProtos in crypto/tls.Listen or something, breaking the setupHTTP2 magic.

[tombergan]

This might be a dup of Issue #15771

[adg]

I'm not sure what, if anything, can be done about this before the 1.7 release.

[bradfitz]

Sent https://golang.org/cl/24508

[gopherbot]

CL https://golang.org/cl/24508 mentions this issue.