When the AP or security appliance sees an HTTP GET request from a non-authenticated user, it will redirect that request to its configured Splash page. If the user's initial request is using HTTPS, however, their request is encrypted and therefore cannot be redirected. As such, the request will time out.