I agree with this observation, and postulate that if a server window is in protected SSL mode then it should skip over all server entries within a group that contain no SSL defined ports. The current behavior is to recycle the SSL port from one server entry onto the IP address of another server entry, causing you to arrive at a mismatched and random server/port internet service.


Well. At least I won lunch.
Good philosophy, see good in bad, I like!