From ac8cbf57f9ed6582dcc2149d052f28a99a391ff6 Mon Sep 17 00:00:00 2001
From: Ilia Ross <ilia@ross.gdn>
Date: Fri, 10 Apr 2026 18:56:41 +0200
Subject: [PATCH] Fix to handle HTTPS update sources with outbound SSL fallback

---
 WebminCore.pm            |  2 +-
 usermin/update.cgi       | 14 +++++++-------
 usermin/update.pl        | 32 +++++++++++++++++++++++---------
 usermin/update_sched.cgi |  4 ++--
 usermin/upgrade.cgi      |  7 +++++--
 usermin/usermin-lib.pl   | 12 ++++++++----
 web-lib-funcs.pl         | 18 ++++++++++++++++--
 webmin/edit_ssl.cgi      |  2 +-
 webmin/upgrade.cgi       |  5 ++++-
 webmin/webmin-lib.pl     | 27 ++++++++++++++++-----------
 10 files changed, 83 insertions(+), 40 deletions(-)

diff --git a/WebminCore.pm b/WebminCore.pm
index 1d825ab93..f78a4cd2f 100644
--- a/WebminCore.pm
+++ b/WebminCore.pm
@@ -23,7 +23,7 @@ $main::export_to_caller = 1;
 # Add functions in web-lib-funcs.pl
 # Generated with :
 # grep -h "^sub " web-lib-funcs.pl ui-lib.pl | sed -e 's/sub //' | xargs echo
-@EXPORT = qw(read_file read_file_cached read_file_cached_with_stat write_file html_escape html_unescape html_strip quote_escape quote_literal_escape quote_javascript default_webmin_temp_dir tempname_dir tempname_dir_sys tempname transname transname_timestamped trunc indexof indexoflc sysprint check_ipaddress check_ip6address is_non_public_ipaddress generate_icon urlize un_urlize include copydata ReadParseMime ReadParse read_fully read_parse_mime_callback read_parse_mime_javascript PrintHeader header get_html_title get_html_framed_title get_html_status_line popup_header footer popup_footer load_module_preferences load_theme_library redirect kill_byname kill_byname_logged find_byname error error_stderr popup_error register_error_handler call_error_handlers error_setup wait_for fast_wait_for has_command make_date make_date_relative file_chooser_button popup_window_button popup_window_link read_acl acl_filename acl_check get_miniserv_config_file get_miniserv_config put_miniserv_config restart_miniserv reload_miniserv check_os_support http_download complete_http_download http_post ftp_download ftp_upload no_proxy open_socket download_timeout ftp_command to_ipaddress to_ip6address to_hostname icons_table replace_meta replace_file_line read_file_lines flush_file_lines unflush_file_lines unix_user_input unix_group_input hlink user_chooser_button group_chooser_button foreign_check foreign_exists foreign_available foreign_require foreign_call foreign_config foreign_installed foreign_defined get_system_hostname get_webmin_version get_webmin_version_release get_webmin_full_version get_module_acl get_group_module_acl save_module_acl save_group_module_acl init_config load_language_auto load_language text_subs text encode_base64 decode_base64 encode_base32 decode_base32 get_module_info get_all_module_infos list_themes get_theme_info list_locales list_languages safe_language read_env_file write_env_file lock_file unlock_file test_lock unlock_all_files can_lock_file webmin_log additional_log var_dump webmin_debug_log system_logged backquote_logged backquote_with_timeout backquote_command kill_logged rename_logged rename_file symlink_logged symlink_file link_file make_dir make_dir_recursive set_ownership_permissions unlink_logged unlink_file copy_permissions_source_dest copy_source_dest move_source_dest remote_session_name verify_session_id remote_foreign_require remote_foreign_call remote_foreign_check remote_foreign_config remote_eval remote_write remote_read remote_finished remote_error_setup remote_rpc_call remote_multi_callback remote_multi_callback_error serialise_variable unserialise_variable other_groups date_chooser_button help_file read_help_file seed_random disk_usage_kb recursive_disk_usage help_search_link make_http_connection validate_ssl_connection read_http_connection write_http_connection close_http_connection clean_environment reset_environment clean_language progress_callback switch_to_remote_user switch_to_unix_user eval_as_unix_user create_user_config_dirs create_missing_homedir filter_javascript resolve_links simplify_path same_file flush_webmin_caches list_usermods available_usermods get_available_module_infos get_visible_module_infos get_visible_modules_categories is_under_directory parse_http_url check_clicks_function load_entities_map entities_to_ascii get_product_name get_charset get_display_hostname save_module_config save_user_module_config nice_size get_perl_path get_goto_module select_all_link select_invert_link select_rows_link check_pid_file get_mod_lib module_root_directory list_mime_types guess_mime_type open_tempfile close_tempfile print_tempfile is_selinux_enabled get_clear_file_attributes reset_file_attributes cleanup_tempnames open_lock_tempfile END month_to_number number_to_month get_rbac_module_acl supports_rbac supports_ipv6 use_rbac_module_acl execute_command open_readfile open_execute_command translate_filename translate_command register_filename_callback register_command_callback capture_function_output capture_function_output_tempfile modules_chooser_button substitute_template substitute_pattern running_in_zone running_in_vserver running_in_xen running_in_openvz list_categories is_readonly_mode command_as_user list_osdn_mirrors convert_osdn_url get_current_dir supports_users supports_symlinks quote_path get_windows_root read_file_contents write_file_contents read_file_contents_limit unix_crypt split_quoted_string write_to_http_cache check_in_http_cache clear_http_cache supports_javascript get_module_name get_module_variable clear_time_locale reset_time_locale callers_package web_libs_package get_userdb_string connect_userdb disconnect_userdb split_userdb_string uniquelc list_combined_webmin_menu list_modules_webmin_menu module_to_menu_item list_combined_system_info shell_is_bash compare_version_numbers convert_to_json convert_from_json print_json get_referer_relative get_webmin_email_url get_webmin_browser_url trim ui_link ui_help ui_img ui_link_button ui_table_start ui_table_end ui_table_row ui_table_hr ui_table_span ui_columns_start ui_columns_row ui_columns_header ui_checked_columns_row ui_radio_columns_row ui_columns_end ui_columns_table ui_form_columns_table ui_form_elements_wrapper ui_form_start ui_form_end ui_form_end_side_by_side ui_textbox ui_filebox ui_bytesbox ui_upload ui_password ui_hidden ui_select ui_multi_select ui_multi_select_javascript ui_radio ui_yesno_radio ui_radio_row ui_checkbox ui_oneradio ui_textarea ui_user_textbox ui_users_textbox ui_group_textbox ui_groups_textbox ui_opt_textbox ui_submit ui_reset ui_button ui_date_input ui_buttons_start ui_buttons_end ui_buttons_row ui_buttons_hr ui_post_header ui_pre_footer ui_print_header ui_print_unbuffered_header ui_print_footer ui_config_link ui_print_endpage ui_subheading ui_links_row ui_hidden_javascript ui_hidden_start ui_hidden_end ui_hidden_table_row_start ui_hidden_table_row_end ui_hidden_table_start ui_hidden_table_end ui_tabs_start ui_tabs_end ui_tabs_start_tab ui_tabs_start_tabletab ui_tabs_end_tab ui_tabs_end_tabletab ui_max_text_width ui_radio_selector ui_radio_selector_javascript ui_switch_theme_javascript ui_grid_table ui_radio_table ui_up_down_arrows ui_hr ui_nav_link ui_confirmation_form ui_text_color ui_alert_box js_disable_inputs ui_page_flipper js_checkbox_disable js_redirect ui_webmin_link ui_line_break_double ui_page_refresh ui_details ui_div_row ui_space ui_newline ui_text_wrap ui_element_inline ui_paginations ui_hide_outside_of_viewport ui_read_file_contents_limit ui_note ui_brh ui_tag_start ui_tag_content ui_tag_end ui_tag ui_alert ui_button_icon ui_link_icon ui_icon ui_br ui_p ui_text_mask get_python_cmd get_buffer_size get_buffer_size_binary get_webprefix get_sub_ref_name setvar getvar delvar print_call_stack webmin_user_can_rpc webmin_user_login_mode webmin_user_is_admin webmin_user_is get_current_theme_info_cached miniserv_using_default_cert is_int float is_float parse_accepted_language get_default_system_locale get_http_redirect get_http_cookie create_wrapper get_lock_links_dir allocate_miniserv_websocket get_miniserv_websocket_url remove_miniserv_websocket cleanup_miniserv_websockets get_miniserv_websockets_modules get_webmin_base_url encrypt_phrase decrypt_phrase is_encrypt_phrase);
+@EXPORT = qw(read_file read_file_cached read_file_cached_with_stat write_file html_escape html_unescape html_strip quote_escape quote_literal_escape quote_javascript default_webmin_temp_dir tempname_dir tempname_dir_sys tempname transname transname_timestamped trunc indexof indexoflc sysprint check_ipaddress check_ip6address is_non_public_ipaddress generate_icon urlize un_urlize include copydata ReadParseMime ReadParse read_fully read_parse_mime_callback read_parse_mime_javascript PrintHeader header get_html_title get_html_framed_title get_html_status_line popup_header footer popup_footer load_module_preferences load_theme_library redirect kill_byname kill_byname_logged find_byname error error_stderr popup_error register_error_handler call_error_handlers error_setup wait_for fast_wait_for has_command make_date make_date_relative file_chooser_button popup_window_button popup_window_link read_acl acl_filename acl_check get_miniserv_config_file get_miniserv_config put_miniserv_config restart_miniserv reload_miniserv check_os_support http_download complete_http_download http_post ftp_download ftp_upload no_proxy open_socket download_timeout ftp_command to_ipaddress to_ip6address to_hostname icons_table replace_meta replace_file_line read_file_lines flush_file_lines unflush_file_lines unix_user_input unix_group_input hlink user_chooser_button group_chooser_button foreign_check foreign_exists foreign_available foreign_require foreign_call foreign_config foreign_installed foreign_defined get_system_hostname get_webmin_version get_webmin_version_release get_webmin_full_version get_module_acl get_group_module_acl save_module_acl save_group_module_acl init_config load_language_auto load_language text_subs text encode_base64 decode_base64 encode_base32 decode_base32 get_module_info get_all_module_infos list_themes get_theme_info list_locales list_languages safe_language read_env_file write_env_file lock_file unlock_file test_lock unlock_all_files can_lock_file webmin_log additional_log var_dump webmin_debug_log system_logged backquote_logged backquote_with_timeout backquote_command kill_logged rename_logged rename_file symlink_logged symlink_file link_file make_dir make_dir_recursive set_ownership_permissions unlink_logged unlink_file copy_permissions_source_dest copy_source_dest move_source_dest remote_session_name verify_session_id remote_foreign_require remote_foreign_call remote_foreign_check remote_foreign_config remote_eval remote_write remote_read remote_finished remote_error_setup remote_rpc_call remote_multi_callback remote_multi_callback_error serialise_variable unserialise_variable other_groups date_chooser_button help_file read_help_file seed_random disk_usage_kb recursive_disk_usage help_search_link can_use_http_ssl make_http_connection validate_ssl_connection read_http_connection write_http_connection close_http_connection clean_environment reset_environment clean_language progress_callback switch_to_remote_user switch_to_unix_user eval_as_unix_user create_user_config_dirs create_missing_homedir filter_javascript resolve_links simplify_path same_file flush_webmin_caches list_usermods available_usermods get_available_module_infos get_visible_module_infos get_visible_modules_categories is_under_directory parse_http_url check_clicks_function load_entities_map entities_to_ascii get_product_name get_charset get_display_hostname save_module_config save_user_module_config nice_size get_perl_path get_goto_module select_all_link select_invert_link select_rows_link check_pid_file get_mod_lib module_root_directory list_mime_types guess_mime_type open_tempfile close_tempfile print_tempfile is_selinux_enabled get_clear_file_attributes reset_file_attributes cleanup_tempnames open_lock_tempfile END month_to_number number_to_month get_rbac_module_acl supports_rbac supports_ipv6 use_rbac_module_acl execute_command open_readfile open_execute_command translate_filename translate_command register_filename_callback register_command_callback capture_function_output capture_function_output_tempfile modules_chooser_button substitute_template substitute_pattern running_in_zone running_in_vserver running_in_xen running_in_openvz list_categories is_readonly_mode command_as_user list_osdn_mirrors convert_osdn_url get_current_dir supports_users supports_symlinks quote_path get_windows_root read_file_contents write_file_contents read_file_contents_limit unix_crypt split_quoted_string write_to_http_cache check_in_http_cache clear_http_cache supports_javascript get_module_name get_module_variable clear_time_locale reset_time_locale callers_package web_libs_package get_userdb_string connect_userdb disconnect_userdb split_userdb_string uniquelc list_combined_webmin_menu list_modules_webmin_menu module_to_menu_item list_combined_system_info shell_is_bash compare_version_numbers convert_to_json convert_from_json print_json get_referer_relative get_webmin_email_url get_webmin_browser_url trim ui_link ui_help ui_img ui_link_button ui_table_start ui_table_end ui_table_row ui_table_hr ui_table_span ui_columns_start ui_columns_row ui_columns_header ui_checked_columns_row ui_radio_columns_row ui_columns_end ui_columns_table ui_form_columns_table ui_form_elements_wrapper ui_form_start ui_form_end ui_form_end_side_by_side ui_textbox ui_filebox ui_bytesbox ui_upload ui_password ui_hidden ui_select ui_multi_select ui_multi_select_javascript ui_radio ui_yesno_radio ui_radio_row ui_checkbox ui_oneradio ui_textarea ui_user_textbox ui_users_textbox ui_group_textbox ui_groups_textbox ui_opt_textbox ui_submit ui_reset ui_button ui_date_input ui_buttons_start ui_buttons_end ui_buttons_row ui_buttons_hr ui_post_header ui_pre_footer ui_print_header ui_print_unbuffered_header ui_print_footer ui_config_link ui_print_endpage ui_subheading ui_links_row ui_hidden_javascript ui_hidden_start ui_hidden_end ui_hidden_table_row_start ui_hidden_table_row_end ui_hidden_table_start ui_hidden_table_end ui_tabs_start ui_tabs_end ui_tabs_start_tab ui_tabs_start_tabletab ui_tabs_end_tab ui_tabs_end_tabletab ui_max_text_width ui_radio_selector ui_radio_selector_javascript ui_switch_theme_javascript ui_grid_table ui_radio_table ui_up_down_arrows ui_hr ui_nav_link ui_confirmation_form ui_text_color ui_alert_box js_disable_inputs ui_page_flipper js_checkbox_disable js_redirect ui_webmin_link ui_line_break_double ui_page_refresh ui_details ui_div_row ui_space ui_newline ui_text_wrap ui_element_inline ui_paginations ui_hide_outside_of_viewport ui_read_file_contents_limit ui_note ui_brh ui_tag_start ui_tag_content ui_tag_end ui_tag ui_alert ui_button_icon ui_link_icon ui_icon ui_br ui_p ui_text_mask get_python_cmd get_buffer_size get_buffer_size_binary get_webprefix get_sub_ref_name setvar getvar delvar print_call_stack webmin_user_can_rpc webmin_user_login_mode webmin_user_is_admin webmin_user_is get_current_theme_info_cached miniserv_using_default_cert is_int float is_float parse_accepted_language get_default_system_locale get_http_redirect get_http_cookie create_wrapper get_lock_links_dir allocate_miniserv_websocket get_miniserv_websocket_url remove_miniserv_websocket cleanup_miniserv_websockets get_miniserv_websockets_modules get_webmin_base_url encrypt_phrase decrypt_phrase is_encrypt_phrase);
 
 # Add global variables in web-lib.pl
 push(@EXPORT, qw(&unique));
diff --git a/usermin/update.cgi b/usermin/update.cgi
index e36c34231..37e013ca6 100755
--- a/usermin/update.cgi
+++ b/usermin/update.cgi
@@ -12,14 +12,11 @@ if ($in{'source'} == 0) {
 	$host = $update_host;
 	$port = $update_port;
 	$page = $update_page;
+	$ssl = $update_ssl;
 	}
 else {
-	$in{'other'} =~ /^(http|https):\/\/([^:\/]+)(:(\d+))?(\/\S+)$/ ||
-		&error($text{'update_eurl'});
-	$ssl = $1 eq 'https';
-	$host = $2;
-	$port = $3 ? $4 : $ssl ? 443 : 80;
-	$page = $5;
+	($host, $port, $page, $ssl) = &parse_http_url($in{'other'});
+	$host && $ssl != 2 || &error($text{'update_eurl'});
 	}
 
 # Retrieve the updates list (format is  module version url support description )
@@ -114,7 +111,10 @@ print &text('update_none'),"<br>\n" if (!$count);
 
 # Check if a new version of webmin itself is available
 $file = &transname();
-&http_download('webmin.com', 80, '/index6.html', $file);
+my ($index_host, $index_port, $index_page, $index_ssl) =
+	&parse_http_url($latest_page_url);
+&http_download($index_host, $index_port, $index_page, $file,
+	       undef, undef, $index_ssl);
 open(FILE, "<$file");
 while(<FILE>) {
 	if (/usermin-([0-9\.]+)\.tar\.gz/) {
diff --git a/usermin/update.pl b/usermin/update.pl
index 24e87de63..4b10c7744 100755
--- a/usermin/update.pl
+++ b/usermin/update.pl
@@ -8,14 +8,13 @@ if (!-r "$config{'usermin_dir'}/miniserv.conf") {
 	# Usermin not installed
 	exit(0);
 	}
+my $ssl = $update_ssl;
 
 # Get the update source
 if ($config{'upsource'}) {
-	$config{'upsource'} =~ /^http:\/\/([^:\/]+)(:(\d+))?(\/\S+)$/ ||
-		die "Invalid update source URL!";
-	$host = $1;
-	$port = $2 ? $3 : 80;
-	$page = $4;
+	($host, $port, $page, $ssl) =
+		&parse_http_url($config{'upsource'});
+	$host && $ssl != 2 || die "Invalid update source URL!";
 	}
 else {
 	$host = $update_host;
@@ -25,7 +24,7 @@ else {
 
 # Retrieve the updates list (format is  module version url support description )
 $temp = &transname();
-&http_download($host, $port, $page, $temp);
+&http_download($host, $port, $page, $temp, undef, undef, $ssl);
 open(UPDATES, "<".$temp);
 while(<UPDATES>) {
 	if (/^([^\t]+)\t+([^\t]+)\t+([^\t]+)\t+([^\t]+)\t+(.*)/) {
@@ -73,23 +72,33 @@ foreach $u (@updates) {
 		$rv .= &text('update_mok', $u->[0], $u->[1])."\n".
 		       $text{'update_fixes'}." : ".$u->[4]."\n\n";
 		if ($u->[2] =~ /^http:\/\/([^:\/]+)(:(\d+))?(\/\S+)$/) {
+			$mssl = 0;
 			$mhost = $1;
 			$mport = $2 ? $3 : 80;
 			$mpage = $4;
 			}
+		elsif ($u->[2] =~ /^https:\/\/([^:\/]+)(:(\d+))?(\/\S+)$/) {
+			$mssl = 1;
+			$mhost = $1;
+			$mport = $2 ? $3 : 443;
+			$mpage = $4;
+			}
 		elsif ($u->[2] =~ /^\/\S+$/) {
+			$mssl = $ssl;
 			$mhost = $host;
 			$mport = $port;
 			$mpage = $u->[2];
 			}
 		else {
+			$mssl = $ssl;
 			$mhost = $host;
 			$mport = $port;
 			($mpage = $page) =~ s/[^\/]+$//;
 			$mpage .= $u->[2];
 			}
 		$mtemp = &transname();
-		&http_download($mhost, $mport, $mpage, $mtemp, \$error);
+		&http_download($mhost, $mport, $mpage, $mtemp,
+			       \$error, undef, $mssl);
 		if ($error) {
 			$rv .= "$error\n\n";
 			last;
@@ -110,7 +119,10 @@ foreach $u (@updates) {
 
 # Check if a new version of usermin itself is available
 $file = &transname();
-&http_download('webmin.com', 80, '/index6.html', $file);
+my ($index_host, $index_port, $index_page, $index_ssl) =
+	&parse_http_url($latest_page_url);
+&http_download($index_host, $index_port, $index_page, $file,
+	       undef, undef, $index_ssl);
 open(FILE, "<".$file);
 while(<FILE>) {
 	if (/usermin-([0-9\.]+)\.tar\.gz/) {
@@ -133,7 +145,9 @@ if ($config{'upemail'} && $rv && &foreign_check("mailboxes")) {
 	local $version = $gconfig{'real_os_version'} || $gconfig{'os_version'};
 	local $myhost = &get_system_hostname();
 	$data .= "$myhost ($type $version)\n\n";
-	$data .= &text('update_rv', "http://$host:$port$page")."\n\n";
+	$data .= &text('update_rv',
+		       ($ssl ? "https://" : "http://").
+		       "$host:$port$page")."\n\n";
 	$data .= $rv;
 	&mailboxes::send_text_mail(&mailboxes::get_from_address(),
 				   $config{'upemail'},
diff --git a/usermin/update_sched.cgi b/usermin/update_sched.cgi
index 602bce8e2..0bea6430c 100755
--- a/usermin/update_sched.cgi
+++ b/usermin/update_sched.cgi
@@ -14,8 +14,8 @@ if ($in{'source'} == 0) {
 	$config{'upsource'} = undef;
 	}
 else {
-	$in{'other'} =~ /^http:\/\/([^:\/]+)(:(\d+))?(\/\S+)$/ ||
-		&error($text{'update_eurl'});
+	my ($host, $port, $page, $ssl) = &parse_http_url($in{'other'});
+	$host && $ssl != 2 || &error($text{'update_eurl'});
 	$config{'upsource'} = $in{'other'};
 	}
 $config{'update'} = $in{'enabled'};
diff --git a/usermin/upgrade.cgi b/usermin/upgrade.cgi
index 0869ed7bc..992a532a3 100755
--- a/usermin/upgrade.cgi
+++ b/usermin/upgrade.cgi
@@ -48,7 +48,10 @@ elsif ($in{'source'} == 2) {
 	# find latest version at webmin.com by looking at index page
 	&error_setup($text{'upgrade_err3'});
 	$file = &transname();
-	&http_download('webmin.com', 80, '/index6.html', $file, \$error);
+	my ($index_host, $index_port, $index_page, $index_ssl) =
+		&parse_http_url($latest_page_url);
+	&http_download($index_host, $index_port, $index_page, $file, \$error,
+		       undef, $index_ssl);
 	$error && &inst_error($error);
 	open(FILE, "<$file");
 	while(<FILE>) {
@@ -150,7 +153,7 @@ $qfile = quotemeta($file);
 # Get list of updates
 $updatestemp = &transname();
 &http_download($update_host, $update_port, $update_page, $updatestemp,
-               \$updates_error);
+               \$updates_error, undef, $update_ssl);
 
 if ($in{'mode'} eq 'rpm') {
 	# Check if it is an RPM package
diff --git a/usermin/usermin-lib.pl b/usermin/usermin-lib.pl
index 151fb60a8..d84404266 100755
--- a/usermin/usermin-lib.pl
+++ b/usermin/usermin-lib.pl
@@ -25,17 +25,21 @@ if (!defined($gconfig{'noselfwebminup'})) {
 else {
 	$access{'upgrade'} = !$gconfig{'noselfwebminup'};
 	}
+my $can_http_ssl = &can_use_http_ssl();
+my $http_proto = $can_http_ssl ? "https" : "http";
 
 $usermin_miniserv_config = "$config{'usermin_dir'}/miniserv.conf";
 $usermin_config = "$config{'usermin_dir'}/config";
 
-$update_host = "www.webmin.com";
-$update_port = 80;
+$update_host = "webmin.com";
+$update_ssl = $can_http_ssl;
+$update_port = $update_ssl ? 443 : 80;
 $update_page = "/uupdates/uupdates.txt";
 
 $standard_usermin_dir = "/etc/usermin";
-$latest_rpm = "http://www.webmin.com/download/usermin-latest.noarch.rpm";
-$latest_tgz = "http://www.webmin.com/download/usermin-latest.tar.gz";
+$latest_page_url = "$http_proto://$update_host/index6.html";
+$latest_rpm = "$http_proto://$update_host/download/usermin-latest.noarch.rpm";
+$latest_tgz = "$http_proto://$update_host/download/usermin-latest.tar.gz";
 
 $default_key_size = 2048;
 
diff --git a/web-lib-funcs.pl b/web-lib-funcs.pl
index 8c42b41d8..3eb6ad209 100755
--- a/web-lib-funcs.pl
+++ b/web-lib-funcs.pl
@@ -9456,6 +9456,21 @@ else {
 	}
 }
 
+=head2 can_use_http_ssl()
+
+Returns 1 if this Webmin process can make outbound HTTPS connections, or 0
+if the required Net::SSLeay Perl module is not available.
+
+=cut
+my $can_use_http_ssl_cache;
+sub can_use_http_ssl
+{
+return $can_use_http_ssl_cache if (defined($can_use_http_ssl_cache));
+eval "use Net::SSLeay";
+$can_use_http_ssl_cache = $@ ? 0 : 1;
+return $can_use_http_ssl_cache;
+}
+
 =head2 make_http_connection(host, port, ssl, method, page, [&headers],
 			    [&certreqs])
 
@@ -9497,8 +9512,7 @@ if (&is_readonly_mode()) {
 my $rv = { 'fh' => time().$$ };
 if ($ssl) {
 	# Connect using SSL
-	eval "use Net::SSLeay";
-	$@ && return $text{'link_essl'};
+	&can_use_http_ssl() || return $text{'link_essl'};
 	eval "Net::SSLeay::SSLeay_add_ssl_algorithms()";
 	eval "Net::SSLeay::OpenSSL_add_all_algorithms()";
 	eval "Net::SSLeay::load_error_strings()";
diff --git a/webmin/edit_ssl.cgi b/webmin/edit_ssl.cgi
index 54683e877..05804f8dc 100755
--- a/webmin/edit_ssl.cgi
+++ b/webmin/edit_ssl.cgi
@@ -29,7 +29,7 @@ get_miniserv_config(\%miniserv);
 $@ = undef;
 eval "use Net::SSLeay";
 if ($@) {
-	print text('ssl_essl', "http://www.webmin.com/ssl.html"),"<p>\n";
+	print text('ssl_essl', "https://webmin.com/ssl.html"),"<p>\n";
 	if (foreign_available("cpan")) {
 		print text('ssl_cpan', "../cpan/download.cgi?source=3&cpan=Net::SSLeay&mode=2&return=/$module_name/&returndesc=".urlize($text{'index_return'})),"<p>\n";
 		}
diff --git a/webmin/upgrade.cgi b/webmin/upgrade.cgi
index 10e75b056..cab56a921 100755
--- a/webmin/upgrade.cgi
+++ b/webmin/upgrade.cgi
@@ -187,7 +187,10 @@ if ($in{'sig'}) {
 			if ($in{'source'} == 2) {
 				# Download the key for this tar.gz
 				my ($sigtemp, $sigerror);
-				&http_download($update_host, $update_port, "/download/sigs/webmin-${full}${mini_type}.tar.gz-sig.asc", \$sigtemp, \$sigerror);
+				&http_download($update_host, $update_port,
+					       "/download/sigs/webmin-${full}${mini_type}.tar.gz-sig.asc",
+					       \$sigtemp, \$sigerror,
+					       undef, $update_ssl);
 				if ($sigerror) {
 					$ec = 4;
 					$emsg = &text('upgrade_edownsig',
diff --git a/webmin/webmin-lib.pl b/webmin/webmin-lib.pl
index 8660bb1a8..1a567c4ed 100755
--- a/webmin/webmin-lib.pl
+++ b/webmin/webmin-lib.pl
@@ -23,23 +23,27 @@ use Socket;
 
 our @cs_codes = ( 'cs_page', 'cs_text', 'cs_table', 'cs_header', 'cs_link' );
 our @cs_names = map { $text{$_} } @cs_codes;
+my $can_http_ssl = &can_use_http_ssl();
+my $http_proto = $can_http_ssl ? "https" : "http";
 
 our $osdn_host = "prdownloads.sourceforge.net";
 our $osdn_port = 80;
 
 our $update_host = "download.webmin.com";
-our $update_port = 80;
+our $update_ssl = $can_http_ssl;
+our $update_port = $update_ssl ? 443 : 80;
 our $update_page = "/updates/updates.txt";
-our $update_url = "http://$update_host:$update_port$update_page";
-our $redirect_host = "www.webmin.com";
-our $redirect_url = "http://$redirect_host/cgi-bin/redirect.cgi";
+our $update_url = "$http_proto://$update_host:$update_port$update_page";
+our $redirect_host = "webmin.com";
+our $redirect_url = "$http_proto://$redirect_host/cgi-bin/redirect.cgi";
 our $update_cache = "$module_config_directory/update-cache";
 if (!-r $update_cache) {
 	$update_cache = "$module_var_directory/update-cache";
 	}
 
-our $primary_host = "www.webmin.com";
-our $primary_port = 80;
+our $primary_host = "webmin.com";
+our $primary_ssl = $can_http_ssl;
+our $primary_port = $primary_ssl ? 443 : 80;
 
 our $webmin_key_email = "jcameron\@webmin.com";
 our $webmin_key_fingerprint = "1719 003A CE3E 5A41 E2DE  70DF D97A 3AE9 11F6 3C51";
@@ -53,12 +57,12 @@ our $authentic_key_fingerprint = "EC60 F3DA 9CB7 9ADC CF56  0D1F 121E 166D D9C8
 our $standard_host = $primary_host;
 our $standard_port = $primary_port;
 our $standard_page = "/download/modules/standard.txt";
-our $standard_ssl = 0;
+our $standard_ssl = $primary_ssl;
 
 our $third_host = $primary_host;
 our $third_port = $primary_port;
 our $third_page = "/cgi-bin/third.cgi";
-our $third_ssl = 0;
+our $third_ssl = $primary_ssl;
 
 our $default_key_size = "2048";
 
@@ -776,7 +780,7 @@ return (0);
 =head2 list_standard_modules
 
 Returns a list containing the short names, URLs and descriptions of the
-standard Webmin modules from www.webmin.com. If an error occurs, returns the
+standard Webmin modules from webmin.com. If an error occurs, returns the
 message instead.
 
 =cut
@@ -2488,7 +2492,7 @@ return wantarray ? (\%installed, \@changed) : \%installed;
 
 =head2 get_latest_webmin_version
 
-Returns 1 and the latest version of Webmin available on www.webmin.com, or
+Returns 1 and the latest version of Webmin available on webmin.com, or
 0 and an error message
 
 =cut
@@ -2496,7 +2500,8 @@ sub get_latest_webmin_version
 {
 my $file = &transname();
 my ($error, $version, $release);
-&http_download($primary_host, $primary_port, '/', $file, \$error, undef, 0,
+&http_download($primary_host, $primary_port, '/', $file, \$error, undef,
+	       $primary_ssl,
 	       undef, undef, 5);
 return (0, $error) if ($error);
 open(FILE, "<".$file);