Thank you for reporting this. We're going to change the default in the next release so that this doesn't happen.
You should be able to add the following to your user.config file. After changing the user.config, you will have to "touch" the web.config to get IIS to reload both files.
<add key="ForceHttpForCanonicalUrlsThatDontRequireSsl" value="false" />
Let us know if that doesn't do the trick for you.