Did you get a chance to look at http://apachessl.c2.org/ This is the SSL implementation for Apache. We will soon have the WRAPPED Method for HTTP 1.2 This is intended to allow any HTTP message to be transfer encoding. The spec is currently under revision/development, but it might be useful to consider what we would need to support SSL, apart from a company to pay RSA.