Two changes for the default config:
  1. $change_back_to_http_after_login = 0;
     See Ubuntu bug 321304 for more info.
  2. $sl_securePort = '443';
     I still don't know why but having it unset can cause trouble. Setting it
     to Debian's default ssl port doesn't do any harm, though.
Index: squirrelmail-secure-login/config.sample.php
===================================================================
--- squirrelmail-secure-login.orig/config.sample.php
+++ squirrelmail-secure-login/config.sample.php
@@ -21,7 +21,7 @@
    // if you want user sessions to remain in SSL for their entire duration, 
    // set the following to zero:
    //
-   $change_back_to_http_after_login = 1;
+   $change_back_to_http_after_login = 0;
 
 
 
@@ -127,6 +127,7 @@
    //
    // $sl_securePort = '';
    // $sl_securePort = '888';
+   $sl_securePort = '443';
 
 
 
