diff --git a/tlsconfig/tlsconfig_server.go b/tlsconfig/tlsconfig_server.go index fbbf892e..08fd3732 100644 --- a/tlsconfig/tlsconfig_server.go +++ b/tlsconfig/tlsconfig_server.go @@ -66,3 +66,12 @@ func ServerClientAuthType(authType tls.ClientAuthType) ServerParam { func ServerCipherSuites(cipherSuites ...uint16) ServerParam { return serverParam(cipherSuitesParam(cipherSuites...)) } + +// ServerNextProtos sets the list of application level protocols supported by +// the server e.g. "http/1.1" or "h2". +func ServerNextProtos(protos ...string) ServerParam { + return serverParam(func(cfg *tls.Config) error { + cfg.NextProtos = protos + return nil + }) +} diff --git a/tlsconfig/tlsconfig_server_test.go b/tlsconfig/tlsconfig_server_test.go index acc8d591..5f521b1c 100644 --- a/tlsconfig/tlsconfig_server_test.go +++ b/tlsconfig/tlsconfig_server_test.go @@ -21,6 +21,7 @@ func TestNewServerConfig(t *testing.T) { clientCAFiles []string authType tls.ClientAuthType cipherSuites []uint16 + nextProtos []string }{ { name: "defaults", @@ -41,12 +42,19 @@ func TestNewServerConfig(t *testing.T) { tls.TLS_RSA_WITH_AES_256_CBC_SHA, }, }, + { + name: "nextProtos specified", + nextProtos: []string{ + "http/1.1", + }, + }, } { cfg, err := tlsconfig.NewServerConfig( tlsconfig.TLSCertFromFiles(serverCertFile, serverKeyFile), tlsconfig.ServerClientCAFiles(currCase.clientCAFiles...), tlsconfig.ServerClientAuthType(currCase.authType), tlsconfig.ServerCipherSuites(currCase.cipherSuites...), + tlsconfig.ServerNextProtos(currCase.nextProtos...), ) require.NoError(t, err) assert.NotNil(t, cfg, "Case %d: %s", currCaseNum, currCase.name)