Been a while. Oh well.
Anyway, looks like a lot of people have expressed interest in how we do xml-rpc over (under?) ssl, and a lot of speculation. Of course, the answers are in the source code ;->
Basically, there is a https class hacked into the python package based on the M2Crypto openssl bindings (in the openssl-python package). Then some mods to python-xmlprc to allow the use of https and to do CA checking. This is what the client apps use to do ssl
Server side is apache and mod_ssl/openssl.
Seems to work well.