According to upstream, it actually seems to be a bug in openssl, which doesn't send a Content-Length header. I've reported it:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810752 -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)