If I do send plain HTTP to an SSL enabled vhost the expected 400 Bad Request Answer do not have any HTTP headers nor a status line only the HTML is sent. Request: GET /foobar HTTP/1.1 Host: localhost Response: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN" <html><head <title>400 Bad Request</title </head><body <h1>Bad Request</h1 <p>Your browser sent a request that this server could not understand.<br / Reason: You're speaking plain HTTP to an SSL-enabled server port.<br / Instead use the HTTPS scheme to access this URL, please.<br / <blockquote>Hint: <a href="https://xxx:yyy/"><b>https://xxx:yyy/</b></a></blockquote></p </body></html OK
I think the problem is, that mod ssl does consume the bytes before it sees that this is not ssl. As soon as it detect something other than SSL it does a dummy bucket with "GET /" into the bucket brigade. This "GET /" does lead to r->assbackward == 1 which means HTTP/0.9. In this case no headers at all is not a wrong behavour.
Yeah. It's an 80% solution; browsers will grok that response as HTML anyway, but if they don't, well, sending them an SSL alert would have confused them just as much.