Correct on all counts. If you have suggestions on where to best document the
problem, I'd like to hear them.

It may be possible to make a quick hack around the problem by opening a pipe to
'openssl s_client -connect server:port' and using that for communications. This
is pretty analogous to what we do for ssh, actually.