I'm not sure how it was previously but in 3.x moving to HTTPS site wide is fairly easy, out of curiosity why would you want to fix the flaws and use HTTPS only for login when someone could do a MITM attack and grab the authentication cookie of an administrator. Maybe I'm missing something but it just seems like a great way to potentially give someone open season on your install.
Security and privacy
SSL Proxy woes
This discussion has been locked so you can no longer reply to it.