From 0c5e65eb3f2b4ec5a720e13f941e2a620f8fe55d Mon Sep 17 00:00:00 2001
From: James Tucker <james@tailscale.com>
Date: Fri, 23 Feb 2024 18:23:32 -0800
Subject: [PATCH] cmd/derper: apply TCP keepalive and timeout to TLS as well

I missed a case in the earlier patch, and so we're still sending 15s TCP
keepalive for TLS connections, now adjusted there too.

Updates tailscale/corp#17587
Updates #3363

Signed-off-by: James Tucker <james@tailscale.com>
---
 cmd/derper/derper.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/cmd/derper/derper.go b/cmd/derper/derper.go
index 1e79b3dcc..07653141d 100644
--- a/cmd/derper/derper.go
+++ b/cmd/derper/derper.go
@@ -324,7 +324,7 @@ func main() {
 				}
 			}()
 		}
-		err = rateLimitedListenAndServeTLS(httpsrv)
+		err = rateLimitedListenAndServeTLS(httpsrv, &lc)
 	} else {
 		log.Printf("derper: serving on %s", *addr)
 		var ln net.Listener
@@ -397,8 +397,8 @@ func defaultMeshPSKFile() string {
 	return ""
 }
 
-func rateLimitedListenAndServeTLS(srv *http.Server) error {
-	ln, err := net.Listen("tcp", cmp.Or(srv.Addr, ":https"))
+func rateLimitedListenAndServeTLS(srv *http.Server, lc *net.ListenConfig) error {
+	ln, err := lc.Listen(context.Background(), "tcp", cmp.Or(srv.Addr, ":https"))
 	if err != nil {
 		return err
 	}