• http.get_url parses the url to produce a port table: {service: "https", number: 443}
• http.request is eventually called with the port table and this is passed to comm.tryssl
• comm.tryssl passes the port table to comm.bestoption, which calls comm.is_ssl, which calls shortport.ssl
• shortport.ssl calls shortport.port_or_service which returns false because both the port_checker and service_checker demand that port.state be either "open" or "open|filtered", but port.state is not set in this case
• thus comm.tryssl uses opts.proto="tcp" instead of "ssl" when calling comm.opencon

I can think of four fixes:-

1. shortport.includes, used by the checker functions, could return true if a nil value is being checked for inclusion in a set
2. the shortport checker functions could avoid testing port.state for inclusion in a set of states if port.state is not set (and return true when the other demands are met).
3. http.get_url could add port.state="open" after parsing its url argument.
4. http.request could set port.state

Doing option 3 seems appropriate, but it doesn't help script writers using other http.lua functions such as get or head. Option 1 seems like the right thing to do, except that it arguably violates the principle of least surprise. Options 2 and 4 are probably not the appropriate places to solve this problem.