Some time back, I followed CLI zmtlsctl to set Web Server Mode - Zimbra :: Wiki to set my mode to "redirect". While doing some tcpdumping, I just happened to notice that this is apparently not happening in a few places, and non-SSL traffic is getting through. Specifically. if I go to:

http://server.domain.com, I get redirected to https://server.domain.com:443/zimbra/

However, if I hit either of these next two URLs, I don't get redirected and in fact the calendar path prompts for a username and password without SSL:

http://server.domain.com/home/user/Calendar => password prompt
http://server.domain.com/service/soap => the expected 405 error, but no redirection or SSL-related error

I've even confirmed that I have the REDIRECT blocks in zimbra.web.xml and zimbraAdmin.web.xml:

Code:
    <security-constraint>
        <web-resource-collection>
        <web-resource-name>force https</web-resource-name>
        <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
mailboxd has definitely been restarted since running zmtlsctl, so I'm not sure what is going on...

-Mike