the logic of this line is error(ValidCipher, BadCipher,BadCipher will go through), it should be
returnfmt.Errorf("http2: TLSConfig.CipherSuites index %d contains an HTTP/2-approved cipher suite (%#04x), but it comes after unapproved cipher suites. With this configuration, clients that don't support previous, approved cipher suites may be given an unapproved one and reject the connection.", i, cs)
The text was updated successfully, but these errors were encountered:
@pxing-china I think you misunderstood the check.
It wants to prevent BadCipher, ValidCipher. Given this order, the bad cipher will cause the connection to be rejected before trying the valid cipher. BadCiphers after ValidCiphers are fine because at least you tried all the valid ones first.