Changing this setting doesn't do anything on my installation. What does it actually do?
I have it switched on for my test domain and I can't see any difference in the traffic whether it's switched on or not, whether I'm logging in over HTTP or HTTPS. Additionally I'm a bit confused as to why it's set on each domain as opposed to server-wide.
I thought I remembered reading that SM16 would automatically have a setting that would redirect over to HTTPS, but this 'Force all traffic over HTTPS' is the only HTTPS-related setting I can find. In SM versions before 16 I ran two separate sites, one listening on HTTP with a redirect to the one listening on HTTPS. This meant I didn't have to reconfigure the redirect with each minor version update. I've set my single SM16 site to listen to on both HTTP and HTTPS bindings but logins can still happen over HTTP.
Did I misunderstand and do I still need my own method of enforcing HTTPS?