HTTP port can be used for inspecting TLS configuration

I have Traefik deployed at Kubernetes and it provides two entrypoints:

  • one for HTTP
  • another for HTTPS

There is no redirect from HTTP to HTTPS (instead a redirectScheme Middleware sends a HTTP status code 301 and a HTTPS URL)

It is possible to send an HTTPS request to the HTTP port. Additionally, tools for examining the TLS configuration (supported TLS versions, cipher suites, ...) also work with the HTTP port.
e.g.: the following command can retrieve the TLS configuration of Traefik:

docker run https://${HOSTNAME}:80

As I am using a LoadBalancer in front of Traefik which is responsible for TLS / certificate management, I would expect that the HTTP port (when no redirect is configured) would never reveal any TLS configuration.

Is this behavior intended /expected?