
Connect-only connections don't support TLS 1.3 when using schannel #18983

@Marc-Aldorasi-Imprivata

I did this

  1. Compiled the following C++ program:

```cpp
#include <thread>
#include <iostream>
#include <chrono>

#include <curl/curl.h>

using namespace std::literals;

int main()
{
	CURL* curl = curl_easy_init();
	curl_easy_setopt(curl, CURLOPT_CONNECT_ONLY, 1L);
	curl_easy_setopt(curl, CURLOPT_URL, "https://localhost:1234/");
	curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);

	auto error = curl_easy_perform(curl);

	if (error != CURLE_OK)
	{
		std::cerr << "perform failed: " << curl_easy_strerror(error) << '\n';
		return 1;
	}

	char c;
	while (true)
	{
		std::size_t bytes_read;
		error = curl_easy_recv(curl, &c, 1, &bytes_read);
		if (error == CURLE_AGAIN)
		{
			std::this_thread::sleep_for(20ms);
			continue;
		}
		if (error != CURLE_OK)
		{
			std::cerr << "recv failed: " << curl_easy_strerror(error) << '\n';
			return 1;
		}
		if (bytes_read == 0)
		{
			std::cerr << "recv got eof\n";
			return 1;
		}
		break;
	}
	std::cout << "Read byte '" << c << "'; exiting\n";
	return 0;
}
```

  2. Ran it against a TLS 1.3 server (using `yes | openssl s_server -accept 1234 -cert cert.pem -key key.pem -tls1_3`)

  3. Received the error "recv failed: A libcurl function was given a bad argument"

I bisected this to 242a143. Earlier commits (I tested back to 8.9.1) work correctly.

This works correctly on Linux (using OpenSSL 3.5.2). TLS 1.3 works with schannel when not using a connect-only handle.

I expected the following

The output "Read byte 'y'; exiting"

curl/libcurl version

Bisected commit:
curl 8.12.1-DEV (Windows) libcurl/8.12.1-DEV Schannel
Release-Date: [unreleased]
Protocols: http https ws wss
Features: alt-svc AsynchDNS HSTS HTTPS-proxy IPv6 Kerberos Largefile NTLM SPNEGO SSL SSPI threadsafe UnixSockets

Latest tested commit (0780de2):
curl 8.17.0-DEV (Windows) libcurl/8.17.0-DEV Schannel
Release-Date: [unreleased]
Protocols: http https ws wss
Features: alt-svc AsynchDNS HSTS HTTPS-proxy IPv6 Kerberos Largefile NTLM SPNEGO SSL SSPI threadsafe UnixSockets

operating system

Windows 11
