There are various reasons that we do not support SSL/TLS out of the box e.g.
- If we ship a default keystore then everyone has access to the private key.
- Generating one on first boot we do not have sufficient information to generate it correctly, also the performance overhead.
This issue is to explorer other options to encourage their use and make it easier to configure.
As an example could the admin console detect a non encrypted connection and have an box that encourages the config along with a wizard like workflow to get it set up?