Allow non-TLS detection automatically for in-process conns without `A…

…llowNonTLS` in config Signed-off-by: Neil Twigg <neil@nats.io>
nats-io · Jul 19, 2023 · d890d2f · d890d2f
1 parent e9aa7ed
commit d890d2f
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/server/server.go b/server/server.go
@@ -2678,8 +2678,9 @@ func (s *Server) createClientEx(conn net.Conn, inProcess bool) *client {
 
 	var pre []byte
 	// If we have both TLS and non-TLS allowed we need to see which
-	// one the client wants.
-	if !isClosed && opts.TLSConfig != nil && opts.AllowNonTLS {
+	// one the client wants. We'll always allow this for in-process
+	// connections.
+	if !isClosed && opts.TLSConfig != nil && (inProcess || opts.AllowNonTLS) {
 		pre = make([]byte, 4)
 		c.nc.SetReadDeadline(time.Now().Add(secondsToDuration(opts.TLSTimeout)))
 		n, _ := io.ReadFull(c.nc, pre[:])