If Open-Xchange detects an encrypted connections through HTTPS every cookie is automatically flagged as secure. When HTTPS is terminated in front of Open-Xchange by some load balancer, the code is not able to detect that the connection is encrypted. Then the following parameter can be used to force the secure flag for cookies:

com.openexchange.cookie.forceHTTPS=false

This parameter is added to configuration file server.properties.