dns: add ForceAttemptHTTP2 (#7215)
Per https://pkg.go.dev/net/http#hdr-HTTP_2:

> The http package's Transport and Server both automatically enable
> HTTP/2 support for simple configurations.

and https://pkg.go.dev/net/http#Transport:

> // If non-nil, HTTP/2 support may not be enabled by default.
>	TLSClientConfig *tls.Config

Since we were setting a non-default TLSClientConfig to trust custom
roots, we accidentally turned off HTTP/2 support. And Unbound requires
HTTP/2 to serve DoH queries.

Also, clone the TLS config just to be safe against possible mutation in
other packages.
jsha committed Dec 14, 2023
1 parent 289284a commit 81e04ab
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion bdns/dns.go
Expand Up @@ -198,7 +198,8 @@ func New(
hc: http.Client{
Timeout: readTimeout,
Transport: &http.Transport{
TLSClientConfig: tlsConfig,
ForceAttemptHTTP2: true,
TLSClientConfig: tlsConfig.Clone(),
},
},
}
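Review bot: The `ForceAttemptHTTP2: true` field in the `http.Transport` literal has no comment, so the reason it must stay (a non-nil `TLSClientConfig` stops net/http from enabling HTTP/2 by default, and the DoH server requires HTTP/2) is recorded only in the commit message; a one-line comment above the field would keep a later cleanup from removing it. The same applies to `tlsConfig.Clone()`, where a short note that the copy guards against mutation by other packages would help. With only one file changed there is no test that the client actually negotiates HTTP/2, and because the flag only attempts HTTP/2, a test asserting `resp.ProtoMajor == 2` against a TLS test server would catch a fallback to HTTP/1.1.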