The HTTP Bundle supports secure connection using the Secure Socket Layer (SSL) – refer to the "HTTP Secure Server Configuration" sections in the Setup Guide and in the User Guide for more information about how to tune the OSGi Runtime to establish secure connections. SSL is an application independent security mechanism that combines several encrypting algorithms for safe exchange of information between two parties. Applications act over SSL transparently without the necessity to track the SSL sessions. SSL is an integral part of most of the Web browsers.

SSL runs on the TCP/IP network technology. HTTP with SSL reserves port # 443 for communication. Meanwhile, the server continues to use port # 80 for regular plain connections. An HTTP client requests a secure HTTP connection session by adding an "s" suffix after "http" in the HTTP request line. For example: https://127.0.0.1:443.

The HTTP Bundle employs SSL secure sockets over the Java Secure Socket Extension (JSSE) API. You can use the default JSSE implementation of your JVM or a third party JSSE implementation.

When using SSL the communication speed slows down. This is natural since resources are taken in order to exchange keys and certificates, and to encrypt and decrypt information.

To activate HTTP over SSL, set to "true" the secureConnection property of the mbs.http.pid configuration or the system property mbs.http.secureConnection before starting the HTTP Bundle. Refer to the OSGi HTTP Bundle's system properties in the Setup Guide and in the User Guide for more information about how to configure it.