netcat w/stunnel

   cat << eof > 1.cfg
   [ x ]
   accept=127.0.0.255:80 
   client=yes
   connect=137.135.98.207:443
   options=NO_TICKET
   options=NO_RENEGOTIATION
   renegotiation=no
   sni=
   sslVersion=TLSv1.3
   eof
   stunnel 1.cfg
 
   printf 'GET /lisa.jpg HTTP/1.0\r\nHost: youcantdownloadthisimage.online\r\nAccept-Encoding: gzip\r\n\r\n' \
   |nc -w1 -vv 127.255 80 |jpgx > 1.jpg

openssl

   printf 'GET /lisa.jpg HTTP/1.0\r\nHost: youcantdownloadthisimage.online\r\nAccept-Encoding: gzip\r\n\r\n' \
   |timeout 3 openssl s_client -tls1_3 -connect 137.135.98.207:443 -ign_eof|jpgx  > 1.jpg

jpgx (custom filter: extract JPG from stdin; foremost will not work for this image, see byte 8114, etc.)

    sed '1,3s/^ */ /;4,18s/^ *//' << eof > jpgx.l
    int fileno(FILE *);
    #define jmp (yy_start) = 1 + 2 *
    #define echo do {if(fwrite(yytext,(size_t)yyleng,1,yyout)){}}while(0)
   xa "\xff\xd8"    
   xb "\xff\xd9"    
   %s xa 
   %option noyywrap noinput nounput
   %%
   {xa} putchar(255);putchar(216);jmp xa;
   <xa>{xb} echo;yyterminate();
   <xa>.|\n echo;
   .|\n
   %%
   int main(){ yylex();exit(0);}
   eof
   
   flex -8iCrf jpgx.l;
   cc -std=c89 -Wall -pedantic -I. -pipe lex.yy.c -static -o jpgx;