Have a look at the proxomitron logs in
http://www.rejetto.com/forum/index.php?topic=3682.0I think HFS is behaving correctly on the 302 redirect with ~login. Behind Stunnel it talks http only and redirects to http correctly. HFS does not know that there is Stunnel. And Stunnel behaves imho also correct, because it doesnt know whether the redirect is http on purpose. So it does what it is told.
But maybe you (we) can nicely ask Rejetto to make an option to switch the redirect to https:// for the ~login redirect when HFS is serving behind Stunnel, by forcing header "Location: https://..."
Tried to find some clues in the source code 2.0a, but i'm missing the experience to draw conclusions.
But still then i'm not sure whether this will work.
Or let Proxomitron do the job by filtering and modifying the outgoing header, but i didn't try it yet.