Package: apache2 Version: 2.4.46-1 Severity: wishlist
AFAIU it is good practice to respect the client's preferences, so you
might want to consider to set
ProtocolsHonorOrder Off
in http2.conf by default, similar to SSLHonorCipherOrder.
Next step would be to enable http/2 by default. Setting ProtocolsHonorOrder
Off by default could reduce the risk.
Regards
Harri
