From 5fea37c1d25b6b79bab63ca63638881c3cd4f617 Mon Sep 17 00:00:00 2001
From: Michael Vallaly <michael.vallaly@rallyhealth.com>
Date: Tue, 29 Sep 2020 10:25:11 -0500
Subject: [PATCH] Force TLS negotiation to only support HTTP/1.1 Seems OKTA has
 a broken implementation of HTTP2? There seem to be some quirks with they way
 golang handles HTTP2 requests (specifically when receiving GOAWAY frames)
 golang/go#20979, which result in the HTTP2 connection not terminating.

---
 lib/okta.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/lib/okta.go b/lib/okta.go
index f17cf862..95555636 100644
--- a/lib/okta.go
+++ b/lib/okta.go
@@ -2,6 +2,7 @@ package lib
 
 import (
 	"bytes"
+        "crypto/tls"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -578,10 +579,19 @@ func (o *OktaClient) Get(method string, path string, data []byte, recv interface
 		}
 	}
 
+       // FORCE TLS negotiation to only support HTTP/1.1
+       tlsCfg := &tls.Config{
+                NextProtos: []string{"h1"},
+       }
+
 	transCfg := &http.Transport{
 		Proxy:               http.ProxyFromEnvironment,
 		TLSHandshakeTimeout: Timeout,
+                DisableKeepAlives:   true,
+                MaxIdleConnsPerHost: -1,
+                TLSClientConfig: tlsCfg,
 	}
+
 	client = http.Client{
 		Transport: transCfg,
 		Timeout:   Timeout,