From b730443454e623d1855d260d7bff14d26b79fa38 Mon Sep 17 00:00:00 2001
From: Sreeram Narayanan <sreeram.narayanan@hashicorp.com>
Date: Tue, 9 Sep 2025 15:31:10 +0530
Subject: [PATCH] update: use NewTLSWithALPNDisabled to bypass ALPN
 reinforcement

---
 discovery/watcher.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/discovery/watcher.go b/discovery/watcher.go
index e27e9b8..8388522 100644
--- a/discovery/watcher.go
+++ b/discovery/watcher.go
@@ -21,6 +21,7 @@ import (
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/credentials/insecure"
+	expcredentials "google.golang.org/grpc/experimental/credentials"
 	"google.golang.org/grpc/keepalive"
 	"google.golang.org/grpc/status"
 )
@@ -119,7 +120,7 @@ func NewWatcher(ctx context.Context, config Config, log hclog.Logger) (*Watcher,
 
 	var cred credentials.TransportCredentials
 	if tls := w.config.TLS; tls != nil {
-		cred = credentials.NewTLS(tls)
+		cred = expcredentials.NewTLSWithALPNDisabled(tls)
 	} else {
 		cred = insecure.NewCredentials()
 	}