It has been easy to add "If you are a registered user I serve you a secure connection" doing in default-master.adp
# All content will be secured if you are registered
# or RestrictToSSL Paremeter List used
set ssl_to_reg_users_p trueif { $ssl_to_reg_users_p && $untrusted_user_id != 0 } {
security::require_secure_conn
}
I've tried to "redirect always a secure connection to insecure connection" but I have to take care with RestrictToSSL List (and not fall to a redirection problem). I'm working on it.
This logic (secure conn to registered users and insecure conn elsewere but REstricttoSSL directory list) seem to be simple to deploy