2 files changed, 8 insertions, 0 deletions

diff --git a/runtime/js/40_tls.js b/runtime/js/40_tls.js
index da43afaac..e11754b0d 100644
--- a/runtime/js/40_tls.js
+++ b/runtime/js/40_tls.js
@@ -51,6 +51,7 @@
     keyFile,
     hostname = "0.0.0.0",
     transport = "tcp",
+    alpnProtocols,
   }) {
     const res = opListenTls({
       port,
@@ -58,6 +59,7 @@
       keyFile,
       hostname,
       transport,
+      alpnProtocols,
     });
     return new TLSListener(res.rid, res.localAddr);
   }
diff --git a/runtime/ops/tls.rs b/runtime/ops/tls.rs
index d9c5f1854..83dbbfcd1 100644
--- a/runtime/ops/tls.rs
+++ b/runtime/ops/tls.rs
@@ -300,6 +300,7 @@ pub struct ListenTlsArgs {
   port: u16,
   cert_file: String,
   key_file: String,
+  alpn_protocols: Option<Vec<String>>,
 }
 
 fn op_listen_tls(
@@ -318,6 +319,11 @@ fn op_listen_tls(
     permissions.read.check(Path::new(&key_file))?;
   }
   let mut config = ServerConfig::new(NoClientAuth::new());
+  if let Some(alpn_protocols) = args.alpn_protocols {
+    super::check_unstable(state, "Deno.listenTls#alpn_protocols");
+    config.alpn_protocols =
+      alpn_protocols.into_iter().map(|s| s.into_bytes()).collect();
+  }
   config
     .set_single_cert(load_certs(&cert_file)?, load_keys(&key_file)?.remove(0))
     .expect("invalid key or certificate");