Sec-WebSocket-Protocol should only return a single value
I noticed this while trying to make noVNC with with gevent-websocket (instead of the websocket implementation shipped with noVNC).
If a client sends "Sec-WebSocket-Protocol: binary, base64" (or sends single values, multiple times for that header), the server must, according to the RFC, only respond with a single value - in this case, most logically "binary".
This bug is causing the noVNC client to see a response of "Sec-WebSocket-Protocol: binary, base64", and interpret that as the server having not chosen a sub-protocol. The noVNC client then proceeds to use base64, which fails, since gevent-websocket does not implement that (although noVNC's websocket server does - maybe we could also support base64?)