When using client-side encryption with the S3 binary manager, a blob length is computed from the length of the encrypted binary in the S3 storage, which is slightly bigger than the un-encrypted file. This breaks some download methods which expect the Content-Length to be consistent.
The fix is to consider the length stored as metadata in the database as authoritative and stop relying on a binarymanager-provided length (NXP-14256).
This ticket is similar to NXP-19852 but is only for Nuxeo 6.0 where the code from the binary manager is slightly different.