disable HTTP/2 on all 3 servers (#364)

* disable HTTP/2 on all 3 servers

Signed-off-by: Xavier Coulon <xcoulon@redhat.com>

* set TLS min version (golint)

Signed-off-by: Xavier Coulon <xcoulon@redhat.com>

---------

Signed-off-by: Xavier Coulon <xcoulon@redhat.com>

pkg/metrics/metrics.go

@@ -2,11 +2,12 @@ package metrics
 
 import (
 	"errors"
+	"net/http"
+
 	"github.com/labstack/echo/v4"
 	glog "github.com/labstack/gommon/log"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
-	"net/http"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 )
 
@@ -56,6 +57,7 @@ func (p *ProxyMetrics) StartMetricsServer() *http.Server {
 	srv := echo.New()
 	srv.Logger.SetLevel(glog.INFO)
 	srv.GET("/metrics", echo.WrapHandler(promhttp.HandlerFor(p.Reg, promhttp.HandlerOpts{DisableCompression: true, Registry: p.Reg})))
+	srv.DisableHTTP2 = true // disable HTTP/2 for now
 
 	log.Info("Starting the Registration-Service Metrics server...")
 	// listen concurrently to allow for graceful shutdown

pkg/proxy/proxy.go

@@ -136,7 +136,15 @@ func (p *Proxy) StartProxy() *http.Server {
 	handler := corsPreflightHandler(router)
 
 	log.Info(nil, "Starting the Proxy server...")
-	srv := &http.Server{Addr: ":" + ProxyPort, Handler: handler, ReadHeaderTimeout: 2 * time.Second}
+	srv := &http.Server{
+		Addr:              ":" + ProxyPort,
+		Handler:           handler,
+		ReadHeaderTimeout: 2 * time.Second,
+		TLSConfig: &tls.Config{
+			MinVersion: tls.VersionTLS12,
+			NextProtos: []string{"http/1.1"}, // disable HTTP/2 for now
+		},
+	}
 	// listen concurrently to allow for graceful shutdown
 	go func() {
 		if err := srv.ListenAndServe(); err != nil {

pkg/server/server.go

@@ -1,6 +1,7 @@
 package server
 
 import (
+	"crypto/tls"
 	"fmt"
 	"io"
 	"net/http"
@@ -83,6 +84,10 @@ func New(application application.Application) *RegistrationServer {
 		ReadTimeout:  configuration.HTTPReadTimeout,
 		IdleTimeout:  configuration.HTTPIdleTimeout,
 		Handler:      srv.router,
+		TLSConfig: &tls.Config{
+			MinVersion: tls.VersionTLS12,
+			NextProtos: []string{"http/1.1"}, // disable HTTP/2 for now
+		},
 	}
 	if configuration.HTTPCompressResponses {
 		srv.router.Use(gzip.Gzip(gzip.DefaultCompression))