Package: apache2 Version: 2.4.46-1 Severity: wishlist
AFAIU it is good practice to respect the client's preferences, so you might want to consider to set ProtocolsHonorOrder Off in http2.conf by default, similar to SSLHonorCipherOrder. Next step would be to enable http/2 by default. Setting ProtocolsHonorOrder Off by default could reduce the risk. Regards Harri