This feature is marked experimental as of this time and needs to be explicitly enabled in the build to function.
As of January 2022, the HTTP/3 protocol has not yet been finalized. Everything and everyone that speaks HTTP/3 at this point does it with the knowledge and awareness that it might change going forward.
HTTP/3 is the HTTP version that is designed to communicate over QUIC. QUIC can for all particular purposes to be considered as a TCP+TLS replacement.
All requests that do HTTP/3 will therefore not use TCP. They will use QUIC. QUIC is a reliable transport protocol built over UDP. HTTP/3 implies use of QUIC.
HTTP/3 is performed over QUIC which is always using TLS, so HTTP/3 is by definition always encrypted and secure. Therefore, curl only uses HTTP/3 for
As a shortcut straight to HTTP/3, to make curl attempt a QUIC connect directly to the given host name and port number, use
--http3. Like this:
curl --http3 https://example.com/
Normally, without the
HTTPS://URL implies that a client needs to connect to it using TCP (and TLS).
Note that you need that feature built-in and that it does not switch to HTTP/3 for the current request unless the alt-svc cache is already populated, but it will rather store the info for use in the next request to the host.
A certain amount of QUIC connection attempts will fail, partly because many networks and hosts block or throttle the traffic.
Currently, curl features no fall-back logic but if an HTTP/3 (or QUIC rather) connection fails it will be reported as, yes, a failure.
Web browsers will upgrade to HTTP/3 in the background and only switch over once they know it works, which is a smoother way that does not break things for users as much.
Future curl versions will likely offer better fall-back and error handling for this.