As can be seen, this blacklist, mainly depends on the symmetric encryption algorithm;
Using a symmetric encryption algorithm that is not secure enough, even with the "ECDHE_ECDSA" Exchange key and authentication, it is blacklisted.
Here, the symmetric cryptographic algorithms that are not secure are: DES, RC2, RC4, 3DES, Idea, AES (256 or less), Aria, and Camellia.
Here are all the HTTP2 cipher group blacklists (from RFC7540):
Tls_null_with_null_null
Tls_empty_renegotiation_info_scsv
Tls_krb5_export_with_des_cbc_40_md5
Tls_krb5_export_with_des_cbc_40_sha
Tls_krb5_export_with_rc2_cbc_ 40_MD5
Tls_krb5_export_with_rc2_cbc_40_sha
tls_krb5_export_with_rc4_40_md5
tls_krb5_export_with_rc4_ 40_sha
Tls_krb5_with_3des_ede_cbc_md5
Tls_krb5_with_3des_ede_cbc_sha
tls_krb5_with_des_cbc_md5
TLS _krb5_with_des_cbc_sha
Tls_krb5_with_idea_cbc_md5
Tls_krb5_with_idea_cbc_sha
tls_krb5_with_rc4_128_ MD5
Tls_krb5_with_rc4_128_sha
Tls_psk_with_null_sha
tls_psk_with_null_sha256
tls_psk_with_null_sha384
Tls_psk_with_rc4_128_sha
Tls_psk_with_3des_ede_cbc_sha
Tls_psk_with_aes_128_cbc_sha
tls_psk_with_aes_128_cbc_sha256
TLS_ PSK_WITH_AES_128_CCM
Tls_psk_with_aes_128_ccm_8
tls_psk_with_aes_128_gcm_sha256
TLS_PSK_WITH_AES_256_ Cbc_sha
tls_psk_with_aes_256_cbc_sha384
tls_psk_with_aes_256_ccm
Tls_psk_with_aes_256_ccm_8
TLS_ psk_with_aes_256_gcm_sha384
tls_psk_with_aria_128_cbc_sha256
tls_psk_with_aria_128_gcm_sha256
TLS_PSK _with_aria_256_cbc_sha384
tls_psk_with_aria_256_gcm_sha384
tls_psk_with_camellia_128_cbc_sha256
TLS_ psk_with_camellia_128_gcm_sha256
tls_psk_with_camellia_256_cbc_sha384
Tls_psk_with_camellia_256_gcm_ SHA384
Tls_srp_sha_with_3des_ede_cbc_sha
Tls_srp_sha_with_aes_128_cbc_sha
Tls_srp_sha_with_aes_256_cbc_sha
Tls_srp_sha_dss_with_3des_ede_cbc_sha
Tls_srp_sha_dss_with_aes_128_cbc_sha
Tls_srp_sha_dss_with_aes_256_cbc_sha
Tls_srp_sha_rsa_with_3des_ede_cbc_sha
Tls_srp_sha_rsa_with_aes_128_cbc_sha
Tls_srp_sha_rsa_with_aes_256_cbc_sha
Tls_rsa_export_with_rc2_cbc_40_md5
Tls_rsa_export_with_rc4_40_md5
Tls_rsa_export_with_des40_cbc_sha
Tls_rsa_psk_with_null_sha
tls_rsa_psk_with_null_sha256
tls_rsa_psk_with_null_sha384
TLS_RSA_PSK_ With_rc4_128_sha
Tls_rsa_psk_with_3des_ede_cbc_sha
Tls_rsa_psk_with_aes_128_cbc_sha
TLS_RSA_PSK_WITH_ aes_128_cbc_sha256
tls_rsa_psk_with_aes_128_gcm_sha256
Tls_rsa_psk_with_aes_256_cbc_sha
TLS_RSA_PSK_ with_aes_256_cbc_sha384
tls_rsa_psk_with_aes_256_gcm_sha384
tls_rsa_psk_with_aria_128_cbc_sha256
TLS_ rsa_psk_with_aria_128_gcm_sha256
tls_rsa_psk_with_aria_256_cbc_sha384
Tls_rsa_psk_with_aria_256_gcm_ SHA384
tls_rsa_psk_with_camellia_128_cbc_sha256
tls_rsa_psk_with_camellia_128_gcm_sha256
TLS_RSA_PSK_ with_camellia_256_cbc_sha384
tls_rsa_psk_with_camellia_256_gcm_sha384
Tls_rsa_with_null_md5
Tls_rsa_with_null_sha
tls_rsa_with_null_sha256
Tls_rsa_with_rc4_128_md5
Tls_rsa_with_rc4_128_sha
Tls_rsa_with_seed_cbc_sha
Tls_rsa_with_3des_ede_cbc_sha
TLS_RSA_WITH_AES_128 _cbc_sha
tls_rsa_with_aes_128_cbc_sha256
tls_rsa_with_aes_128_ccm
Tls_rsa_with_aes_128_ccm_8
TLS_ rsa_with_aes_128_gcm_sha256
Tls_rsa_with_aes_256_cbc_sha
tls_rsa_with_aes_256_cbc_sha256
TLS_RSA_WITH _AES_256_CCM
Tls_rsa_with_aes_256_ccm_8
tls_rsa_with_aes_256_gcm_sha384
Tls_rsa_with_aria_128_cbc_ SHA256
tls_rsa_with_aria_128_gcm_sha256
tls_rsa_with_aria_256_cbc_sha384
Tls_rsa_with_aria_256_gcm_ SHA384
Tls_rsa_with_camellia_128_cbc_sha
tls_rsa_with_camellia_128_cbc_sha256
Tls_rsa_with_camellia_ 128_gcm_sha256
Tls_rsa_with_camellia_256_cbc_sha
tls_rsa_with_camellia_256_cbc_sha256
TLS_RSA_WITH_ camellia_256_gcm_sha384
Tls_rsa_with_des_cbc_sha
Tls_rsa_with_idea_cbc_sha
Tls_dh_anon_export_with_des40_cbc_sha
Tls_dh_anon_export_with_rc4_40_md5
Tls_dh_anon_with_des_cbc_sha
Tls_dh_anon_with_rc4_128_md5
Tls_dh_anon_with_seed_cbc_sha
Tls_dh_anon_with_3des_ede_cbc_sha
TLS_ Dh_anon_with_aes_128_cbc_sha
tls_dh_anon_with_aes_128_cbc_sha256
tls_dh_anon_with_aes_128_gcm_sha256
Tls_dh_anon_with_aes_256_cbc_sha
tls_dh_anon_with_aes_256_cbc_sha256
tls_dh_anon_with_aes_256_gcm_sha384
tls_dh_anon_with_aria_128_cbc_sha256
tls_dh_anon_with_aria_128_gcm_sha256
tls_dh_anon_with_aria_256_ cbc_sha384
tls_dh_anon_with_aria_256_gcm_sha384
Tls_dh_anon_with_camellia_128_cbc_sha
TLS_DH_anon_ with_camellia_128_cbc_sha256
tls_dh_anon_with_camellia_128_gcm_sha256
Tls_dh_anon_with_camellia_256_cbc_ SHA
tls_dh_anon_with_camellia_256_cbc_sha256
tls_dh_anon_with_camellia_256_gcm_sha384
Tls_dh_dss_with_des_cbc_sha
Tls_dh_dss_with_seed_cbc_sha
Tls_dh_dss_export_with_des40_cbc_sha
TLS_ Dh_dss_with_3des_ede_cbc_sha
Tls_dh_dss_with_aes_128_cbc_sha
tls_dh_dss_with_aes_128_cbc_sha256
TLS_ dh_dss_with_aes_128_gcm_sha256
Tls_dh_dss_with_aes_256_cbc_sha
tls_dh_dss_with_aes_256_cbc_sha256
TLS _dh_dss_with_aes_256_gcm_sha384
tls_dh_dss_with_aria_128_cbc_sha256
tls_dh_dss_with_aria_128_gcm_sha256
tls_dh_dss_with_aria_256_cbc_sha384
tls_dh_dss_with_aria_256_gcm_sha384
tls_dh_dss_with_camellia_128 _cbc_sha
tls_dh_dss_with_camellia_128_cbc_sha256
tls_dh_dss_with_camellia_128_gcm_sha256
TLS_DH_DSS_ With_camellia_256_cbc_sha
tls_dh_dss_with_camellia_256_cbc_sha256
Tls_dh_dss_with_camellia_256_gcm_ SHA384
Tls_dh_rsa_export_with_des40_cbc_sha
Tls_dh_rsa_with_des_cbc_sha
Tls_dh_rsa_with_seed_cbc_sha
TLS_ Dh_rsa_with_3des_ede_cbc_sha
Tls_dh_rsa_with_aes_128_cbc_sha
tls_dh_rsa_with_aes_128_cbc_sha256
TLS_ dh_rsa_with_aes_128_gcm_sha256
Tls_dh_rsa_with_aes_256_cbc_sha
tls_dh_rsa_with_aes_256_cbc_sha256
TLS _dh_rsa_with_aes_256_gcm_sha384
tls_dh_rsa_with_aria_128_cbc_sha256
tls_dh_rsa_with_aria_128_gcm_sha256
tls_dh_rsa_with_aria_256_cbc_sha384
tls_dh_rsa_with_aria_256_gcm_sha384
tls_dh_rsa_with_camellia_128 _cbc_sha
tls_dh_rsa_with_camellia_128_cbc_sha256
tls_dh_rsa_with_camellia_128_gcm_sha256
TLS_DH_RSA_ With_camellia_256_cbc_sha
tls_dh_rsa_with_camellia_256_cbc_sha256
Tls_dh_rsa_with_camellia_256_gcm_ SHA384
Tls_dhe_dss_export_with_des40_cbc_sha
Tls_dhe_dss_with_des_cbc_sha
Tls_dhe_dss_with_seed_cbc_sha
Tls_dhe_dss_with_3des_ede_cbc_sha
Tls_dhe_dss_with_aes_128_cbc_sha
tls_dhe_dss_with_aes_128_cbc_sha256
Tls_dhe_dss_with_aes_256_cbc_sha
tls_dhe_dss_with_aes_256_cbc_sha256
Tls_dhe_dss_with_aria_128_cbc_ SHA256
tls_dhe_dss_with_aria_256_cbc_sha384
Tls_dhe_dss_with_camellia_128_cbc_sha
Tls_dhe_dss_with_ camellia_128_cbc_sha256
Tls_dhe_dss_with_camellia_256_cbc_sha
tls_dhe_dss_with_camellia_256_cbc_sha256
Tls_dhe_psk_with_null_sha
tls_dhe_psk_with_null_sha256
tls_dhe_psk_with_null_sha384
TLS_DHE_PSK_ With_rc4_128_sha
Tls_dhe_psk_with_3des_ede_cbc_sha
Tls_dhe_psk_with_aes_128_cbc_sha
TLS_DHE_PSK_WITH_ aes_128_cbc_sha256
Tls_dhe_psk_with_aes_256_cbc_sha
tls_dhe_psk_with_aes_256_cbc_sha384
TLS_DHE_PSK_ with_aria_128_cbc_sha256
tls_dhe_psk_with_aria_256_cbc_sha384
tls_dhe_psk_with_camellia_128_cbc_sha256
tls_dhe_psk_with_camellia_256_cbc_sha384
Tls_dhe_rsa_export_with_des40_cbc_sha
Tls_dhe_rsa_with_des_cbc_sha
Tls_dhe_rsa_with_seed_cbc_sha
Tls_dhe_rsa_with_3des_ede_cbc_sha
Tls_dhe_rsa_with_aes_128_cbc_sha
tls_dhe_rsa_with_aes_128_cbc_sha256
Tls_dhe_rsa_with_aes_256_cbc_sha
tls_dhe_rsa_with_aes_256_cbc_sha256
tls_dhe_rsa_with_aria_128_cbc_sha256
tls_dhe_rsa_with_aria_256_cbc_sha384
Tls_dhe_rsa_with_camellia_128_cbc_sha
tls_dhe_rsa_with_camellia_128_cbc_sha256
Tls_dhe_rsa_with_camellia_256_cbc_sha
tls_dhe_rsa_with_camellia_256_cbc_sha256
Tls_ecdh_anon_with_null_sha
Tls_ecdh_anon_with_rc4_128_sha
Tls_ecdh_anon_with_3des_ede_cbc_sha
Tls_ecdh_anon_with_aes_128_cbc_sha
Tls_ecdh_anon_with_aes_256_cbc_sha
Tls_ecdh_rsa_with_null_sha
Tls_ecdh_rsa_with_rc4_128_sha
Tls_ecdh_rsa_with_3des_ede_cbc_sha
TLS_ Ecdh_rsa_with_aes_128_cbc_sha
tls_ecdh_rsa_with_aes_128_cbc_sha256
tls_ecdh_rsa_with_aes_128_gcm_sha256
Tls_ecdh_rsa_with_aes_256_cbc_sha
tls_ecdh_rsa_with_aes_256_cbc_sha384
TLS_ECDH_RSA_WITH_AES_256_GCM _sha384
tls_ecdh_rsa_with_aria_128_cbc_sha256
tls_ecdh_rsa_with_aria_128_gcm_sha256
TLS_ECDH_RSA_WITH _aria_256_cbc_sha384
tls_ecdh_rsa_with_aria_256_gcm_sha384
tls_ecdh_rsa_with_camellia_128_cbc_sha256
tls_ecdh_rsa_with_camellia_128_gcm_sha256
tls_ecdh_rsa_with_camellia_256_cbc_sha384
TLS_ECDH_RSA_WITH_ camellia_256_gcm_sha384
Tls_ecdh_ecdsa_with_null_sha
Tls_ecdh_ecdsa_with_rc4_128_sha
Tls_ecdh_ecdsa_with_3des_ede_cbc_sha
Tls_ecdh_ecdsa_with_aes_128_cbc_sha
tls_ecdh_ecdsa_with_aes_128_cbc_sha256
tls_ecdh_ecdsa_with_aes_128_ gcm_sha256
Tls_ecdh_ecdsa_with_aes_256_cbc_sha
tls_ecdh_ecdsa_with_aes_256_cbc_sha384
TLS_ECDH_ECDSA_ with_aes_256_gcm_sha384
tls_ecdh_ecdsa_with_aria_128_cbc_sha256
tls_ecdh_ecdsa_with_aria_128_gcm_sha256
tls_ecdh_ecdsa_with_aria_256_cbc_sha384
tls_ecdh_ecdsa_with_aria_256_gcm_sha384
TLS_ECDH_ECDSA_WITH_ camellia_128_cbc_sha256
tls_ecdh_ecdsa_with_camellia_128_gcm_sha256
TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC _sha384
tls_ecdh_ecdsa_with_camellia_256_gcm_sha384
tls_ecdhe_psk_with_null_sha256
tls_ecdhe_psk_with_null_sha384
Tls_ecdhe_psk_with_rc4_128_sha
Tls_ecdhe_psk_with_3des_ede_cbc_sha
Tls_ecdhe_psk_with_aes_128_cbc_sha
tls_ecdhe_psk_with_aes_128_cbc_sha256
Tls_ecdhe_psk_with_aes_256_cbc_sha
tls_ecdhe_psk_with_aes_256_cbc_sha384
tls_ecdhe_psk_with_aria_128_cbc_sha256
tls_ecdhe_psk_with_aria_256_cbc_sha384
tls_ecdhe_psk_with_camellia_128_cbc_sha256
tls_ecdhe_psk_with_camellia_256_cbc_sha384
Tls_ecdhe_rsa_with_null_sha
Tls_ecdhe_rsa_with_rc4_128_sha
Tls_ecdhe_rsa_with_3des_ede_cbc_sha
Tls_ecdhe_rsa_with_aes_128_cbc_sha
tls_ecdhe_rsa_with_aes_128_cbc_sha256
Tls_ecdhe_rsa_with_aes_256_cbc_sha
tls_ecdhe_rsa_with_aes_256_cbc_sha384
tls_ecdhe_rsa_with_aria_128_cbc_sha256
tls_ecdhe_rsa_with_aria_256_cbc_sha384
tls_ecdhe_rsa_with_camellia_128_cbc_sha256
tls_ecdhe_rsa_with_camellia_256_cbc_sha384
Tls_ecdhe_ecdsa_with_null_sha
Tls_ecdhe_ecdsa_with_rc4_128_sha
Tls_ecdhe_ecdsa_with_3des_ede_cbc_sha
Tls_ecdhe_ecdsa_with_aes_128_cbc_sha
tls_ecdhe_ecdsa_with_aes_128_cbc_sha256
Tls_ecdhe_ecdsa_with_aes_256_cbc_sha
tls_ecdhe_ecdsa_with_aes_256_cbc_sha384
tls_ecdhe_ecdsa_with_aria_128_cbc_sha256
tls_ecdhe_ecdsa_with_aria_256_cbc_sha384
tls_ecdhe_ecdsa_with_camellia_128_cbc_sha256
tls_ecdhe_ecdsa_with_camellia_256_cbc_sha384
HTTP2 Password Group blacklist