Connecting to an HTTP/2 cleartext server is done one of two ways:
- You connect first using HTTP/1.1 and the client includes an
Upgrade: h2cheader in its first request. Meaning that the port simultaneously supports HTTP/1.1 and h2c. - You connect directly using HTTP/2 (what’s called “prior knowledge”). Meaning that the port only supports the binary HTTP/2 protocol.
In nginx, when you do listen 80 http2, it’s actually doing (2), and (1) isn’t possible at all.
So it’s not that Boulder doesn’t support cleartext HTTP/2 - it’s that without prior knowledge about the server you’re connecting to, any HTTP client has to assume (1) is the case.
I think this is on nginx for having (arguably) unhelpful cleartext HTTP/2 behavior.