Can you use both? Of course you can! Here comes the (computer) science… One of the big performance benefits of moving to HTTP/2 comes from its extensive use of multiplexing. For the uninitiate...
What about Security aspect of it? We know that network security products often looks for patterns in traffic to identify potential threats, how will they be able to recognize patterns under this kind of multiplexing?