Fix HTTP/2 compatibility by forcing HTTP/1.1 in TLS handshake

- Disable HTTP/2 ALPN negotiation to force HTTP/1.1
- Prevents HTTP/2 PRI method requests that break manual HTTP parsing
- Resolves 'Error in the HTTP2 framing layer' with curl
- Ensures compatibility with http.ReadRequest for HTTPS inspection
- Now works seamlessly without requiring --http1.1 flag

Tested and working: Full HTTPS inspection with default curl settings

Co-authored-by: f0ssel <[email protected]>

Author: blink-so[bot]

proxy/proxy.go

@@ -364,7 +364,12 @@ func (p *Server) handleConnect(w http.ResponseWriter, r *http.Request) {
 
 	// Perform TLS handshake with the client using our certificates
 	p.logger.Debug("Starting TLS handshake", "hostname", hostname)
-	tlsConn := tls.Server(conn, p.tlsConfig)
+	
+	// Create TLS config that forces HTTP/1.1 (disable HTTP/2 ALPN)
+	tlsConfig := p.tlsConfig.Clone()
+	tlsConfig.NextProtos = []string{"http/1.1"}
+	
+	tlsConn := tls.Server(conn, tlsConfig)
 	err = tlsConn.Handshake()
 	if err != nil {
 		p.logger.Error("TLS handshake failed", "hostname", hostname, "error", err)