I just installed 4.3.0.4 and although I really like the new

I just installed 4.3.0.4 and although I really like the new SSL options, I'm finding a few issues.

1. Force http/https (Only for original domain)
This isn't actually forcing HTTPS for the admin, I can view the admin in HTTP and it's not redirecting me

2. The new Excluded pages option mostly works, if I check off both "Exclude" and "Force ssl" for a page, all the pages leading to this excluded/ssl page will have the proper link (i.e https://subdomain.mainsite.com/my-secure-page.

Except once I'm on this excluded/secure page, all links in the menu/page content are still using the https/subdomain. This is mostly fine as I'd expect a redirect back to the mapped domain/http once you reach another page, except the redirection is as follows:

1. https://subdomain.mainsite.com/my-secure-page (current page) ->
2. https://subdomain.mainsite.com/some-other-non-ssl-page ->
3. https://my-mapped-domain.com/some-other-non-ssl-page ->
4. http://my-mapped-domain.com/some-other-non-ssl-page

It's at step 3 that you run into issues, once you reach the mapped domain loaded via HTTPS, the browser complains about the insecure page and you're dead in the water. You can always nudge the browser forward by forcing it to load the insecure page but joe-public isn't going to do this. The redirection needs to go from 2 -> 4 in my steps above.

Any ideas?