When eZPublish switches to/from SSL through the SSL Zone functionality it is inconsistent on how it builds the redirection URL.

When switching to SSL eZPublish uses the HTTP_HOST variable to generate the redirection URL as seen below:

// switch to HTTPS
$host = eZSys::serverVariable( 'HTTP_HOST' );
$host = preg_replace( '/:\d+$/', '', $host );
 
$ini = eZINI::instance();
$sslPort = $ini->variable( 'SiteSettings', 'SSLPort' );
$sslPortString = ( $sslPort == eZSSLZone::DEFAULT_SSL_PORT ) ? '' : ":$sslPort";
$sslZoneRedirectionURL = "https://" . $host  . $sslPortString . $indexDir . $requestURI;

When switching from SSL eZPublish uses the SiteURL ini directive to generate the redirection URL as seen below:

// switch to plain HTTP
$ini = eZINI::instance();
$host = $ini->variable( 'SiteSettings', 'SiteURL' );
$sslZoneRedirectionURL = "http://" . $host . $indexDir . $requestURI;

All code mentioned above is found in the kernel ezsslzone.php file. (http://pubsvn.ez.no/doxygen/trunk/html/ezsslzone_8php_source.html) around line #241

I don't think this is necessarily a "bug", but it seems like this is something that should be made consistent to prevent confusion.

Steps to reproduce

To reproduce, you'll want to enable SSLZones in your site.ini file and set your site URL to a different URL then what you're actually using.

Something similar to the following in your site.ini should suffice

[SSLZoneSettings]
SSLZones=enabled
SSLSubtrees[]
SSLSubtrees[]=/subtree-name