From 4665dff2b959019284d78bd405a743b425002260 Mon Sep 17 00:00:00 2001
From: Doug MacEachern <dougm@vmware.com>
Date: Mon, 30 Sep 2024 12:05:58 -0700
Subject: [PATCH] api: disable http.Transport.ForceAttemptHTTP2 by default

Revert soap.Client http.Transport back to manual construction, rather than Clone() (see 313aa85)

Disable ForceAttemptHTTP2 by default, as we currently see degraded transfer rates with large file uploads.

Closes #3564
---
 vim25/soap/client.go | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/vim25/soap/client.go b/vim25/soap/client.go
index d6c810818..d3e9e093b 100644
--- a/vim25/soap/client.go
+++ b/vim25/soap/client.go
@@ -135,20 +135,31 @@ func ParseURL(s string) (*url.URL, error) {
 	return u, nil
 }
 
+// Go's ForceAttemptHTTP2 default is true, we disable by default.
+// This undocumented env var can be used to enable.
+var http2 = os.Getenv("GOVMOMI_HTTP2") == "true"
+
 func NewClient(u *url.URL, insecure bool) *Client {
 	var t *http.Transport
 
 	if d, ok := http.DefaultTransport.(*http.Transport); ok {
-		t = d.Clone()
+		// Inherit the same defaults explicitly set in http.DefaultTransport,
+		// unless otherwise noted.
+		t = &http.Transport{
+			Proxy:                 d.Proxy,
+			DialContext:           d.DialContext,
+			ForceAttemptHTTP2:     http2, // false by default in govmomi
+			MaxIdleConns:          d.MaxIdleConns,
+			IdleConnTimeout:       d.IdleConnTimeout,
+			TLSHandshakeTimeout:   d.TLSHandshakeTimeout,
+			ExpectContinueTimeout: d.ExpectContinueTimeout,
+		}
 	} else {
 		t = new(http.Transport)
 	}
 
-	if insecure {
-		if t.TLSClientConfig == nil {
-			t.TLSClientConfig = new(tls.Config)
-		}
-		t.TLSClientConfig.InsecureSkipVerify = insecure
+	t.TLSClientConfig = &tls.Config{
+		InsecureSkipVerify: insecure,
 	}
 
 	c := newClientWithTransport(u, insecure, t)