HTTP/2 is based in large part on Google’s SPDY. SPDY did some things that HTTP/2 does not. It required the use of TLS (Transport Layer Security) to enhance privacy and security. HTTP/2 makes this optional; it can operate over TLS or over plain TCP. Some vendors, however, have said that their implementations will only support HTTP/2 over encrypted TLS connections to regain these privacy benefits.
Okay, so some browsers will require TLS and others won’t? No wonder I’m confused. If I were to guess, I’d imagine we’ll see most browsers support unencrypted HTTP/2 in a few years, provided enough of them support unencrypted connections initially. (Who would want to be the vendor of the only browser that’s forced to use the slower HTTP/1.1 on some sites?)
That’s not to say TLS is a bad idea. I just don’t think this requirement will stand the test of time given that it’s already giving way.