From 6b11004a2a0f508bf6e66080016bec176cc100be Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick
Date: Thu, 10 Mar 2022 13:19:21 -0800
Subject: [PATCH] control/controlclient: proactively close TLS connection after /key fetch

When using Noise.
Updates #3488
Change-Id: I1049963763075a15b72fd8065dcf44a9cf37975f
Signed-off-by: Brad Fitzpatrick
---
 control/controlclient/direct.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/control/controlclient/direct.go b/control/controlclient/direct.go
index 057cffb95..5c9fd21f4 100644
--- a/control/controlclient/direct.go
+++ b/control/controlclient/direct.go
@@ -380,6 +380,14 @@ func (c *Direct) doLogin(ctx context.Context, opt loginOpt) (mustRegen bool, new
 c.mu.Unlock()
 serverKey = keys.LegacyPublicKey
 serverNoiseKey = keys.PublicKey
+
+ // For servers supporting the Noise transport,
+ // proactively shut down our TLS TCP connection.
+ // We're not going to need it and it's nicer to the
+ // server.
+ if !serverNoiseKey.IsZero() {
+ c.httpc.CloseIdleConnections()
+ }
 }
 var oldNodeKey key.NodePublic
 switch {
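Review bot: The call to `c.httpc.CloseIdleConnections()` in the new `if !serverNoiseKey.IsZero()` branch is best-effort, and the comment above it does not say so. It only drops connections that are idle at that moment, and `http.Client.CloseIdleConnections` does nothing when the client's Transport has no such method. If the /key response body has not been fully read and closed by this point (that code is outside the hunk), the TLS connection would stay open until the transport's idle timeout. I would extend the comment with `// Best effort: only already-idle connections are closed, and only if c.httpc's Transport implements CloseIdleConnections.` and confirm that `c.httpc` is not shared with other callers whose keep-alive connections would be dropped as well. doLogin starts and ends outside the hunk.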