diff --git a/src/Kestrel.Core/CoreStrings.resx b/src/Kestrel.Core/CoreStrings.resx
index fd93442167..7bbbdfff3a 100644
--- a/src/Kestrel.Core/CoreStrings.resx
+++ b/src/Kestrel.Core/CoreStrings.resx
@@ -354,9 +354,6 @@
   <data name="EndPointRequiresAtLeastOneProtocol" xml:space="preserve">
     <value>An endpoint must be configured to serve at least one protocol.</value>
   </data>
-  <data name="EndPointRequiresTlsForHttp1AndHttp2" xml:space="preserve">
-    <value>Using both HTTP/1.x and HTTP/2 on the same endpoint requires the use of TLS.</value>
-  </data>
   <data name="EndPointHttp2NotNegotiated" xml:space="preserve">
     <value>HTTP/2 over TLS was not negotiated on an HTTP/2-only endpoint.</value>
   </data>
diff --git a/src/Kestrel.Core/Internal/HttpConnection.cs b/src/Kestrel.Core/Internal/HttpConnection.cs
index 8806f6989d..4553f08426 100644
--- a/src/Kestrel.Core/Internal/HttpConnection.cs
+++ b/src/Kestrel.Core/Internal/HttpConnection.cs
@@ -363,11 +363,6 @@ namespace Microsoft.AspNetCore.Server.Kestrel.Core.Internal
                 error = CoreStrings.EndPointRequiresAtLeastOneProtocol;
             }
 
-            if (!hasTls && http1Enabled && http2Enabled)
-            {
-                error = CoreStrings.EndPointRequiresTlsForHttp1AndHttp2;
-            }
-
             if (!http1Enabled && http2Enabled && hasTls && !Http2Id.Span.SequenceEqual(applicationProtocol.Span))
             {
                 error = CoreStrings.EndPointHttp2NotNegotiated;
@@ -379,6 +374,12 @@ namespace Microsoft.AspNetCore.Server.Kestrel.Core.Internal
                 return HttpProtocols.None;
             }
 
+            if (!hasTls && http1Enabled)
+            {
+                // Even if Http2 was enabled, default to Http1 because it's ambiguous without ALPN.
+                return HttpProtocols.Http1;
+            }
+
             return http2Enabled && (!hasTls || Http2Id.Span.SequenceEqual(applicationProtocol.Span)) ? HttpProtocols.Http2 : HttpProtocols.Http1;
         }
 
diff --git a/src/Kestrel.Core/ListenOptions.cs b/src/Kestrel.Core/ListenOptions.cs
index 17b8a1ded9..b3e4ec21ce 100644
--- a/src/Kestrel.Core/ListenOptions.cs
+++ b/src/Kestrel.Core/ListenOptions.cs
@@ -126,8 +126,8 @@ namespace Microsoft.AspNetCore.Server.Kestrel.Core
         /// <summary>
         /// The protocols enabled on this endpoint.
         /// </summary>
-        /// <remarks>Defaults to HTTP/1.x only.</remarks>
-        public HttpProtocols Protocols { get; set; } = HttpProtocols.Http1;
+        /// <remarks>Defaults to HTTP/1.x and HTTP/2.</remarks>
+        public HttpProtocols Protocols { get; set; } = HttpProtocols.Http1AndHttp2;
 
         /// <summary>
         /// Gets the <see cref="List{IConnectionAdapter}"/> that allows each connection <see cref="System.IO.Stream"/>
diff --git a/src/Kestrel.Core/Properties/CoreStrings.Designer.cs b/src/Kestrel.Core/Properties/CoreStrings.Designer.cs
index 857db81bfb..09e593c57b 100644
--- a/src/Kestrel.Core/Properties/CoreStrings.Designer.cs
+++ b/src/Kestrel.Core/Properties/CoreStrings.Designer.cs
@@ -1116,20 +1116,6 @@ namespace Microsoft.AspNetCore.Server.Kestrel.Core
         internal static string FormatEndPointRequiresAtLeastOneProtocol()
             => GetString("EndPointRequiresAtLeastOneProtocol");
 
-        /// <summary>
-        /// Using both HTTP/1.x and HTTP/2 on the same endpoint requires the use of TLS.
-        /// </summary>
-        internal static string EndPointRequiresTlsForHttp1AndHttp2
-        {
-            get => GetString("EndPointRequiresTlsForHttp1AndHttp2");
-        }
-
-        /// <summary>
-        /// Using both HTTP/1.x and HTTP/2 on the same endpoint requires the use of TLS.
-        /// </summary>
-        internal static string FormatEndPointRequiresTlsForHttp1AndHttp2()
-            => GetString("EndPointRequiresTlsForHttp1AndHttp2");
-
         /// <summary>
         /// HTTP/2 over TLS was not negotiated on an HTTP/2-only endpoint.
         /// </summary>
diff --git a/test/Kestrel.Core.Tests/ListenOptionsTests.cs b/test/Kestrel.Core.Tests/ListenOptionsTests.cs
index 77e5a33bbf..5c21b5eee8 100644
--- a/test/Kestrel.Core.Tests/ListenOptionsTests.cs
+++ b/test/Kestrel.Core.Tests/ListenOptionsTests.cs
@@ -17,7 +17,7 @@ namespace Microsoft.AspNetCore.Server.Kestrel.Core.Tests
         public void ProtocolsDefault()
         {
             var listenOptions = new ListenOptions(new IPEndPoint(IPAddress.Loopback, 0));
-            Assert.Equal(HttpProtocols.Http1, listenOptions.Protocols);
+            Assert.Equal(HttpProtocols.Http1AndHttp2, listenOptions.Protocols);
         }
 
         [Fact]
diff --git a/test/Kestrel.FunctionalTests/HttpProtocolSelectionTests.cs b/test/Kestrel.FunctionalTests/HttpProtocolSelectionTests.cs
index e7bdaadcbf..c52894cc35 100644
--- a/test/Kestrel.FunctionalTests/HttpProtocolSelectionTests.cs
+++ b/test/Kestrel.FunctionalTests/HttpProtocolSelectionTests.cs
@@ -25,9 +25,9 @@ namespace Microsoft.AspNetCore.Server.Kestrel.FunctionalTests
         }
 
         [Fact]
-        public Task Server_Http1AndHttp2_Cleartext_Error()
+        public Task Server_Http1AndHttp2_Cleartext_Http1Default()
         {
-            return TestError<InvalidOperationException>(HttpProtocols.Http1AndHttp2, CoreStrings.EndPointRequiresTlsForHttp1AndHttp2);
+            return TestSuccess(HttpProtocols.Http1AndHttp2, "GET / HTTP/1.1\r\nHost:\r\n\r\n", "HTTP/1.1 200 OK");
         }
 
         [Fact]