crypto/tls: remove NPN support

[FiloSottile]

NPN, the Next Protocol Negotiation extension, is specified by a draft expired 6 years ago and has been replaced by ALPN, which we also support. We should look at the NPN usage in the ecosystem and remove support for it.

[bradfitz]

Do the Chrome ULA or Firefox Telemetry dashboards have data on whether NPN or ALPN was used to initiate HTTP/2?

Actually, now I forget the protocol details enough to know whether the client side can even detect whether the server used one vs the other in its decision making process.

Looking at https://telemetry.mozilla.org/dashboard-generator/index.html and adding SPDY_NPN_CONNECT (if that's the right number) + "Add to Dashboard" + "Generate Dashboard" it says 33.12%. Does that mean one third of HTTP/2 is over NPN instead of ALPN? If so, sounds like we shouldn't remove it yet.

/cc @agl too

[agl]

I wonder what SPDY_NPN_CONNECT actually means, given that there's no ALPN version of the same.

As a server, our internal data suggests that NPN is very nearly ready to remove. The only exceptions are some gRPC clients using old versions of OpenSSL. (gRPC clients, unlike HTTP clients, are dead in the water if they don't get HTTP/2.)

As a client, I don't have great data off-hand, but I would expect that it would be fine to remove.

[davidben]

On the client, Firefox and Chrome removed NPN in April 2017, and April 2016, respectively, so presumably metrics from both are zero at this point. :-) I can only assume SPDY_NPN_CONNECT does not actually imply NPN.

[davidben]

Also gone from Edge/IE on Windows 10 it seems.

[gopherbot]

Change https://golang.org/cl/174329 mentions this issue: crypto/tls: remove NPN support

[gopherbot]

Change https://golang.org/cl/201202 mentions this issue: net/http: remove references to old NPN support