Forum OpenACS Q&A: Response to Secure Vs. Insecure locations
Unless I am missing something I think that the RestrictToSSL parameter tells the ACS that I want for example '/acs-admin' to only be accessible through https. However it does not take care of telling the request processor where to redirect the browser to for the secure connection (ie https://www.server.com:8443/acs-admin).
Thus setting this parameter will prevent anyone connecting to '/acs-admin' using http but will not automatically switch to https and add the port number for the secure location.