It's be enabled only for pages with "[NopHttpsRequirement(SslRequirement.Yes)]" attribute in version 2.40.
"securitySettings.ForceSslForAllPages" setting (to protec the entire site) was implemented in version 3.10. Please see how it's used in the \Nop.Web.Framework\Security\NopHttpsRequirement.cs (in the latest version)