When an incoming connection to a TLS-backed HTTP server does not contain a valid TLS record, the net/http package will try to return a helpful error if the incoming message is HTTP (matching the behaviour of Apache), however in the event that the incoming connection doesn't contain a HTTP request, it writes an event to the logger of the http.Server: https://cs.opensource.google/go/go/+/master:src/net/http/server.go;l=1870;bpv=1;bpt=0

For http.Servers that are internet facing, especially those on public cloud providers, this can result in the output of that logger (by default stdout), being flooded with unhelpful messages such as: http: TLS handshake error from <ip>: EOF. A simple port scan will trigger this message.

This makes troubleshooting or monitoring the actual application difficult, as the log is overwhelmed by these messages. While other servers like nginx and apache do print out similar error messages, they offer significantly greater control over logging.

Go, on the other hand, only lets you override the logger with your own. This requires the application to either implement a null logger (therefor silencing all messages from the http.Server, including helpful errors), or writing a custom logger that filters these unhelpful errors.

I'm unsure if this is a proposal or bug (I feel it's both, really). I am asking if we want to remove this log line, or ignore EOF errors.