Provide better control over which HTTP protocols are enabled

Over cleartext TCP the `protocols` option lists the enabled
protocols. The default is to allow both HTTP/1.1 and HTTP/2.

Over TLS the default protocol to use when ALPN is not used
can now be configured via the `alpn_default_protocol` option.

Performing an HTTP/1.1 upgrade to HTTP/2 over TLS is now
rejected with an error as connecting to HTTP/2 over TLS
requires the use of ALPN (or that HTTP/2 be the default
when connecting over TLS).

doc/src/manual/cowboy_http.asciidoc

@@ -18,6 +18,7 @@ as a Ranch protocol.
 ----
 opts() :: #{
     active_n                   => pos_integer(),
+    alpn_default_protocol      => http | http2,
     chunked                    => boolean(),
     connection_type            => worker | supervisor,
     dynamic_buffer             => false | {pos_integer(), pos_integer()},
@@ -36,6 +37,7 @@ opts() :: #{
     max_method_length          => non_neg_integer(),
     max_request_line_length    => non_neg_integer(),
     max_skip_body_length       => non_neg_integer(),
+    protocols                  => [http | http2],
     proxy_header               => boolean(),
     request_timeout            => timeout(),
     reset_idle_timeout_on_send => boolean(),
@@ -63,6 +65,12 @@ values reduce the number of times Cowboy need to request more
 packets from the port driver at the expense of potentially
 higher memory being used.
 
+alpn_default_protocol (http)::
+
+Default protocol to use when the client connects over TLS
+without ALPN. Can be set to `http2` to disable HTTP/1.1
+entirely.
+
 chunked (true)::
 
 Whether chunked transfer-encoding is enabled for HTTP/1.1 connections.
@@ -156,6 +164,13 @@ max_skip_body_length (1000000)::
 Maximum length Cowboy is willing to skip when the user code did not read the body fully.
 When the remaining length is too large or unknown Cowboy will close the connection.
 
+protocols ([http2, http])::
+
+Protocols that may be used when the client connects over
+cleartext TCP. The default is to allow both HTTP/1.1 and
+HTTP/2. HTTP/1.1 and HTTP/2 can be disabled entirely by
+omitting them from the list.
+
 proxy_header (false)::
 
 Whether incoming connections have a PROXY protocol header. The

doc/src/manual/cowboy_http2.asciidoc

@@ -18,6 +18,7 @@ as a Ranch protocol.
 ----
 opts() :: #{
     active_n                       => pos_integer(),
+    alpn_default_protocol          => http | http2,
     connection_type                => worker | supervisor,
     connection_window_margin_size  => 0..16#7fffffff,
     connection_window_update_threshold => 0..16#7fffffff,
@@ -46,6 +47,7 @@ opts() :: #{
     max_stream_buffer_size         => non_neg_integer(),
     max_stream_window_size         => 0..16#7fffffff,
     preface_timeout                => timeout(),
+    protocols                      => [http | http2],
     proxy_header                   => boolean(),
     reset_idle_timeout_on_send     => boolean(),
     sendfile                       => boolean(),
@@ -76,6 +78,12 @@ values reduce the number of times Cowboy need to request more
 packets from the port driver at the expense of potentially
 higher memory being used.
 
+alpn_default_protocol (http)::
+
+Default protocol to use when the client connects over TLS
+without ALPN. Can be set to `http2` to disable HTTP/1.1
+entirely.
+
 connection_type (supervisor)::
 
 Whether the connection process also acts as a supervisor.
@@ -259,6 +267,13 @@ preface_timeout (5000)::
 
 Time in ms Cowboy is willing to wait for the connection preface.
 
+protocols ([http2, http])::
+
+Protocols that may be used when the client connects over
+cleartext TCP. The default is to allow both HTTP/1.1 and
+HTTP/2. HTTP/1.1 and HTTP/2 can be disabled entirely by
+omitting them from the list.
+
 proxy_header (false)::
 
 Whether incoming connections have a PROXY protocol header. The