This document updates HTTP/2 (RFC 7540) to prohibit TLSv1.3 post-handshake auth, matching the existing prohibition to TLSv1.2 renegotiation. This document is ready for publication. It clearly describes the problem and what clients and servers need to do.