From d4ec640ac806729c859670b345708b1891c3d37b Mon Sep 17 00:00:00 2001
From: Jocelyn Fiat <git@djoce.net>
Date: Fri, 14 Oct 2016 11:52:48 +0200
Subject: [PATCH] Renamed many classes and feature to use "secure" term instead
 of "ssl". (note, the .ecf are still using the "ssl" terminologie). Provided
 easy way to set secure settings for Standalone. For wsf launcher boolean
 option accept "true" or "yes" for True boolean, anything else is False.

---
 examples/debug/debug.ecf                      |   8 +-
 examples/debug/debug.ini                      |   2 +
 examples/simple/simple.ecf                    |  13 +-
 examples/simple/simple.ini                    |   5 +-
 examples/simple_ssl/{simple.crt => ca.crt}    |   0
 examples/simple_ssl/{simple.key => ca.key}    |   0
 examples/simple_ssl/simple.ini                |   8 +-
 examples/websocket/application.e              |  18 +--
 examples/websocket/application_execution.e    |  11 +-
 examples/websocket/ca.crt                     |  15 +++
 examples/websocket/ca.key                     |  15 +++
 examples/websocket/websocket_app.ecf          |   3 +
 examples/websocket/ws.ini                     |   4 +
 .../src/spec/net/net_http_client_request.e    |   6 +-
 .../http_network/http_network-safe.ecf        |   3 +-
 library/network/http_network/http_network.ecf |   7 ++
 .../http_network/src/http_stream_socket.e     |   6 +-
 .../src/no_ssl/http_secure_helper.e           |  18 +++
 ...l_socket.e => http_stream_secure_socket.e} |  36 +++++-
 .../http_network/src/ssl/http_secure_helper.e |  18 +++
 ...l_socket.e => http_stream_secure_socket.e} |  38 +++---
 ..._ext.e => http_stream_secure_socket_ext.e} |   2 +-
 ..._ext.e => http_stream_secure_socket_ext.e} |   2 +-
 .../example/ws_client/ws_client-safe.ecf      |   2 +-
 .../client/src/no_ssl/web_socket_client.e     |   6 +-
 .../client/src/ssl/web_socket_client.e        |  32 ++---
 .../network/websocket/client/src/web_socket.e |   3 +-
 .../client/src/web_socket_client_i.e          |  31 +++--
 .../websocket/client/src/web_socket_impl.e    |  10 +-
 .../websocket/client/web_socket_client.ecf    |  35 ++----
 .../echo_websocket_server/application.e       |   4 +-
 .../example/echo_websocket_server/ca.crt      |  15 +++
 .../example/echo_websocket_server/ca.key      |  15 +++
 .../echo_websocket_server-safe.ecf            |  10 +-
 .../configuration/httpd_configuration_i.e     | 102 ++++++++--------
 .../httpd/configuration/httpd_constants.e     |   3 +
 library/server/httpd/httpd-safe.ecf           |   3 +
 .../server/httpd/httpd_request_handler_i.e    |   2 +-
 library/server/httpd/httpd_server_i.e         |   2 +-
 .../httpd/network/httpd_socket_factory.e      |   2 +-
 ..._socket.e => httpd_stream_secure_socket.e} |   6 +-
 .../server/httpd/no_ssl/httpd_configuration.e |  22 ++--
 .../server/httpd/ssl/httpd_configuration.e    |  38 +++---
 library/server/httpd/ssl/httpd_server.e       |  22 ++--
 .../wsf_standalone_service_launcher.e         |  58 +++++----
 .../wsf_standalone_service_options.e          | 114 +++++++++++-------
 .../service/wsf_service_launcher_options.e    |   6 +
 47 files changed, 483 insertions(+), 298 deletions(-)
 create mode 100644 examples/debug/debug.ini
 rename examples/simple_ssl/{simple.crt => ca.crt} (100%)
 rename examples/simple_ssl/{simple.key => ca.key} (100%)
 create mode 100644 examples/websocket/ca.crt
 create mode 100644 examples/websocket/ca.key
 create mode 100644 library/network/http_network/src/no_ssl/http_secure_helper.e
 rename library/network/http_network/src/no_ssl/{http_stream_ssl_socket.e => http_stream_secure_socket.e} (52%)
 create mode 100644 library/network/http_network/src/ssl/http_secure_helper.e
 rename library/network/http_network/src/ssl/{http_stream_ssl_socket.e => http_stream_secure_socket.e} (85%)
 rename library/network/http_network/src/ssl/{http_stream_ssl_socket_ext.e => http_stream_secure_socket_ext.e} (93%)
 rename library/network/http_network/src/until_16_05/ssl/{http_stream_ssl_socket_ext.e => http_stream_secure_socket_ext.e} (96%)
 create mode 100644 library/network/websocket/server/example/echo_websocket_server/ca.crt
 create mode 100644 library/network/websocket/server/example/echo_websocket_server/ca.key
 rename library/server/httpd/network/{httpd_stream_ssl_socket.e => httpd_stream_secure_socket.e} (92%)

diff --git a/examples/debug/debug.ecf b/examples/debug/debug.ecf
index 2d625508..b7e9eb0f 100644
--- a/examples/debug/debug.ecf
+++ b/examples/debug/debug.ecf
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
-<system xmlns="http://www.eiffel.com/developers/xml/configuration-1-13-0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.eiffel.com/developers/xml/configuration-1-13-0 http://www.eiffel.com/developers/xml/configuration-1-13-0.xsd" name="debug" uuid="AA458565-7711-4BE1-ADA3-91716EABFA21" library_target="debug">
+<system xmlns="http://www.eiffel.com/developers/xml/configuration-1-13-0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.eiffel.com/developers/xml/configuration-1-13-0 http://www.eiffel.com/developers/xml/configuration-1-13-0.xsd" name="debug" uuid="AA458565-7711-4BE1-ADA3-91716EABFA21" library_target="debug_standalone">
 	<target name="common" abstract="true">
 		<file_rule>
 			<exclude>/EIFGENs$</exclude>
@@ -18,7 +18,7 @@
 	</target>
 	<target name="debug_any" extends="common">
 		<root class="EWF_DEBUG_SERVER" feature="make_and_launch"/>
-		<setting name="concurrency" value="thread"/>
+		<setting name="concurrency" value="scoop"/>
 		<library name="cgi" location="..\..\library\server\wsf\connector\cgi-safe.ecf" readonly="false"/>
 		<library name="libfcgi" location="..\..\library\server\wsf\connector\libfcgi-safe.ecf" readonly="false"/>
 		<library name="standalone" location="..\..\library\server\wsf\connector\standalone-safe.ecf" readonly="false"/>
@@ -27,7 +27,7 @@
 	</target>
 	<target name="debug_standalone" extends="common">
 		<root class="EWF_DEBUG_SERVER" feature="make_and_launch"/>
-		<setting name="concurrency" value="thread"/>
+		<setting name="concurrency" value="scoop"/>
 		<library name="default_standalone" location="..\..\library\server\wsf\default\standalone-safe.ecf" readonly="false"/>
 		<cluster name="launcher" location=".\launcher\default\" recursive="true"/>
 		<cluster name="src" location=".\src\" recursive="true"/>
@@ -44,6 +44,4 @@
 		<cluster name="launcher" location=".\launcher\default\" recursive="true"/>
 		<cluster name="src" location=".\src\" recursive="true"/>
 	</target>
-	<target name="debug" extends="debug_standalone">
-	</target>
 </system>
diff --git a/examples/debug/debug.ini b/examples/debug/debug.ini
new file mode 100644
index 00000000..abab4e03
--- /dev/null
+++ b/examples/debug/debug.ini
@@ -0,0 +1,2 @@
+port=9090
+verbose=true
diff --git a/examples/simple/simple.ecf b/examples/simple/simple.ecf
index dcdf618a..4aaeac1f 100644
--- a/examples/simple/simple.ecf
+++ b/examples/simple/simple.ecf
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
-<system xmlns="http://www.eiffel.com/developers/xml/configuration-1-15-0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.eiffel.com/developers/xml/configuration-1-15-0 http://www.eiffel.com/developers/xml/configuration-1-15-0.xsd" name="simple" uuid="C28C4F53-9963-46C0-A080-8F13E94E7486" library_target="simple">
+<system xmlns="http://www.eiffel.com/developers/xml/configuration-1-15-0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.eiffel.com/developers/xml/configuration-1-15-0 http://www.eiffel.com/developers/xml/configuration-1-15-0.xsd" name="simple" uuid="C28C4F53-9963-46C0-A080-8F13E94E7486" library_target="simple_standalone">
 	<target name="common" abstract="true">
 		<file_rule>
 			<exclude>/.svn$</exclude>
@@ -16,13 +16,20 @@
 	</target>
 	<target name="simple_standalone" extends="common">
 		<root class="APPLICATION" feature="make_and_launch"/>
-		<option warning="true" is_attached_by_default="true" void_safety="all" syntax="transitional">
+		<option debug="false" warning="true" is_attached_by_default="true" void_safety="all" syntax="transitional">
+			<debug name="dbglog" enabled="true"/>
 			<assertions precondition="true" postcondition="true" check="true" invariant="true" loop="true" supplier_precondition="true"/>
 		</option>
 		<setting name="concurrency" value="scoop"/>
 		<library name="default_standalone" location="..\..\library\server\wsf\default\standalone-safe.ecf"/>
 		<cluster name="simple" location=".\" recursive="true"/>
 	</target>
+	<target name="simple_standalone_mt" extends="simple_standalone">
+		<setting name="concurrency" value="thread"/>
+	</target>
+	<target name="simple_standalone_st" extends="simple_standalone">
+		<setting name="concurrency" value="none"/>
+	</target>
 	<target name="simple_cgi" extends="common">
 		<root class="APPLICATION" feature="make_and_launch"/>
 		<option warning="true" is_attached_by_default="true" void_safety="transitional" syntax="transitional">
@@ -39,6 +46,4 @@
 		<library name="default_libfcgi" location="..\..\library\server\wsf\default\libfcgi-safe.ecf"/>
 		<cluster name="simple" location=".\" recursive="true"/>
 	</target>
-	<target name="simple" extends="simple_standalone">
-	</target>
 </system>
diff --git a/examples/simple/simple.ini b/examples/simple/simple.ini
index ae90215c..33266fcd 100644
--- a/examples/simple/simple.ini
+++ b/examples/simple/simple.ini
@@ -2,7 +2,8 @@ verbose=true
 verbose_level=ALERT
 port=9090
 #max_concurrent_connections=100
-#keep_alive_timeout=15
+keep_alive_timeout=3
 #max_tcp_clients=100
-#socket_timeout=300
+socket_timeout=60
+socket_recv_timeout=15
 #max_keep_alive_requests=300
diff --git a/examples/simple_ssl/simple.crt b/examples/simple_ssl/ca.crt
similarity index 100%
rename from examples/simple_ssl/simple.crt
rename to examples/simple_ssl/ca.crt
diff --git a/examples/simple_ssl/simple.key b/examples/simple_ssl/ca.key
similarity index 100%
rename from examples/simple_ssl/simple.key
rename to examples/simple_ssl/ca.key
diff --git a/examples/simple_ssl/simple.ini b/examples/simple_ssl/simple.ini
index 2ec39e14..5f3fda5c 100644
--- a/examples/simple_ssl/simple.ini
+++ b/examples/simple_ssl/simple.ini
@@ -17,11 +17,11 @@ port=9090
 #keep_alive_timeout=15
 #max_keep_alive_requests=100
 
-### SSL settings
+### Secure connection settings
 # enable SSL, with file certificate.
-ssl_enabled=true
-ssl_ca_key=simple.key
-ssl_ca_crt=simple.crt
+is_secure=true
+secure_certificate=ca.crt
+secure_certificate_key=ca.key
 
 ### App settings
 verbose=true
diff --git a/examples/websocket/application.e b/examples/websocket/application.e
index 72f4f627..31f6c841 100644
--- a/examples/websocket/application.e
+++ b/examples/websocket/application.e
@@ -14,16 +14,18 @@ feature {NONE} -- Initialization
 	make_and_launch
 		local
 			l_launcher: WSF_STANDALONE_WEBSOCKET_SERVICE_LAUNCHER [APPLICATION_EXECUTION]
-			opts: WSF_SERVICE_LAUNCHER_OPTIONS
+			opts: WSF_STANDALONE_WEBSOCKET_SERVICE_OPTIONS
 		do
-			create {WSF_SERVICE_LAUNCHER_OPTIONS_FROM_INI} opts.make_from_file ("ws.ini")
-			create l_launcher.make_and_launch (options)
-		end
+			create opts
+			if opts.is_secure_connection_supported then
+				opts.is_secure := True
+				opts.set_secure_protocol_to_tls_1_2
+				opts.secure_certificate := "ca.crt"
+				opts.secure_certificate_key := "ca.key"
+			end
 
-	options: WSF_SERVICE_LAUNCHER_OPTIONS
-			-- Initialize current service.
-		do
-			create {WSF_SERVICE_LAUNCHER_OPTIONS_FROM_INI} Result.make_from_file ("ws.ini")
+			opts.import_ini_file_options ("ws.ini")
+			create l_launcher.make_and_launch (opts)
 		end
 
 end
diff --git a/examples/websocket/application_execution.e b/examples/websocket/application_execution.e
index 92f82bec..fc920446 100644
--- a/examples/websocket/application_execution.e
+++ b/examples/websocket/application_execution.e
@@ -88,7 +88,7 @@ feature -- HTML Resource
 <!DOCTYPE html>
 <html>
 <head>
-<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
+<script src="##HTTPSCHEME##://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
 <script type="text/javascript">
 $(document).ready(function() {
 
@@ -96,7 +96,7 @@ $(document).ready(function() {
 
 	function connect(){
 
-			var host = "ws://127.0.0.1:##PORTNUMBER##";
+			var host = "##WSSCHEME##://127.0.0.1:##PORTNUMBER##";
 
 			try{
 				socket = new WebSocket(host);
@@ -178,6 +178,13 @@ body {font-family:Arial, Helvetica, sans-serif;}
 </html>
 			]"
 			Result.replace_substring_all ("##PORTNUMBER##", a_port.out)
+			if request.is_https then
+				Result.replace_substring_all ("##HTTPSCHEME##", "https")
+				Result.replace_substring_all ("##WSSCHEME##", "wss")
+			else
+				Result.replace_substring_all ("##HTTPSCHEME##", "http")
+				Result.replace_substring_all ("##WSSCHEME##", "ws")
+			end
 		end
 
 
diff --git a/examples/websocket/ca.crt b/examples/websocket/ca.crt
new file mode 100644
index 00000000..6147c200
--- /dev/null
+++ b/examples/websocket/ca.crt
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAcGgAwIBAgIJAJnXGtV+PtiYMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMTUwNDAzMjIxNTA0WhcNMTYwNDAyMjIxNTA0WjBF
+MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQDFMK6ojzg+KlklhTossR13c51izMgGc3B0z9ttfHIcx2kxra3HtHcKIl5wSUvn
+G8zmSyFAyQTs5LUv65q46FM9qU8tP+vTeFCfNXvjRcIEpouta3J53K0xuUlxz4d4
+4D6qvdDWAez/0AkI4y5etW5zXtg7IQorJhsI9TmfGuruzwIDAQABo1AwTjAdBgNV
+HQ4EFgQUbWpk2HoHa0YqpEwr7CGEatBFTMkwHwYDVR0jBBgwFoAUbWpk2HoHa0Yq
+pEwr7CGEatBFTMkwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAi+h4/
+IgEocWkdRZBKHEcTrRxz5WhEDJMoVo9LhnXvCfn1G/4p6Un6sYv7Xzpi9NuSY8uV
+cjfJJXhtF3AtyZ70iTAxWaRWjGaZ03PYOjlledJ5rqJEt6CCn8m+JsfznduZvbxQ
+zQ6jCLXfyD/tvemB+yYEI3NntvRKx5/zt6Q26Q==
+-----END CERTIFICATE-----
diff --git a/examples/websocket/ca.key b/examples/websocket/ca.key
new file mode 100644
index 00000000..e5e22a52
--- /dev/null
+++ b/examples/websocket/ca.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDFMK6ojzg+KlklhTossR13c51izMgGc3B0z9ttfHIcx2kxra3H
+tHcKIl5wSUvnG8zmSyFAyQTs5LUv65q46FM9qU8tP+vTeFCfNXvjRcIEpouta3J5
+3K0xuUlxz4d44D6qvdDWAez/0AkI4y5etW5zXtg7IQorJhsI9TmfGuruzwIDAQAB
+AoGAR5efMg+dieRyLU8rieJcImxVbfOPg9gRsjdtIVkXTR+RL7ow59q7hXBo/Td/
+WU8cm1gXoJ/bK+71YYqWyB+BaLRIWvRWb7Gdw203tu4e136Ca5uuY+71qdbVTVcl
+NQ7J+T+eAQFP+a+DdT3ZQxu9eze87SMbu6i5YSpIk2kusOECQQDunv/DQ+nc+NgR
+DF+Td3sNYUVRT9a1CWi6abAG6reXwp8MS4NobWDf+Ps4JODhEEwlIdq5qL7qqYBZ
+Gc1TJJ53AkEA0404Fn6vAzzegBcS4RLlYTK7nMr0m4pMmDMCI6YzAYdMmKHp1e6f
+IwxSmQrmwyAgwcT01bc0+A8yipcC2BWQaQJBAJ01QZm635OGmos41KsKF5bsE8gL
+SpBBH69Yu/ECqGwie7iU84FUNnO4zIHjwghlPVVlZX3Vz9o4S+fn2N9DC+cCQGyZ
+QyCxGdC0r5fbwHJQS/ZQn+UGfvlVzqoXDVMVn3t6ZES6YZrT61eHnOM5qGqklIxE
+Old3vDZXPt/MU8Zvk3kCQBOgUx2VxvTrHN37hk9/QIDiM62+RenBm1M3ah8xTosf
+1mSeEb6d9Kwb3TgPBmA7YXzJuAQfRIvEPMPxT5SSr6Q=
+-----END RSA PRIVATE KEY-----
diff --git a/examples/websocket/websocket_app.ecf b/examples/websocket/websocket_app.ecf
index 13f95276..3a7324ba 100644
--- a/examples/websocket/websocket_app.ecf
+++ b/examples/websocket/websocket_app.ecf
@@ -18,4 +18,7 @@
 		<library name="wsf" location="..\..\library\server\wsf\wsf-safe.ecf"/>
 		<cluster name="app" location=".\" recursive="true"/>
 	</target>
+	<target name="websocket_app_ssl" extends="websocket_app">
+		<variable name="ssl_enabled" value="true"/>
+	</target>
 </system>
diff --git a/examples/websocket/ws.ini b/examples/websocket/ws.ini
index b04bd038..49c92f32 100644
--- a/examples/websocket/ws.ini
+++ b/examples/websocket/ws.ini
@@ -6,3 +6,7 @@ keep_alive_timeout=35
 max_tcp_clients=100
 socket_timeout=30000
 max_keep_alive_requests=3000
+
+is_secure=false
+secure_certificate=ca.crt
+secure_certificate_key=ca.key
diff --git a/library/network/http_client/src/spec/net/net_http_client_request.e b/library/network/http_client/src/spec/net/net_http_client_request.e
index 5de2cf0d..6269c682 100644
--- a/library/network/http_client/src/spec/net/net_http_client_request.e
+++ b/library/network/http_client/src/spec/net/net_http_client_request.e
@@ -40,12 +40,12 @@ feature {NONE} -- Internal
 			then
 				l_socket := l_persistent_connection.socket
 				if a_is_https then
-					if attached {HTTP_STREAM_SSL_SOCKET} l_socket as l_ssl_socket then
+					if attached {HTTP_STREAM_SECURE_SOCKET} l_socket as l_ssl_socket then
 						Result := l_ssl_socket
 					else
 						l_socket := Void
 					end
-				elseif attached {HTTP_STREAM_SSL_SOCKET} l_socket as l_ssl_socket then
+				elseif attached {HTTP_STREAM_SECURE_SOCKET} l_socket as l_ssl_socket then
 					l_socket := Void
 				end
 				if l_socket /= Void and then not l_socket.is_connected then
@@ -59,7 +59,7 @@ feature {NONE} -- Internal
 			else
 				session.set_persistent_connection (Void)
 				if a_is_https then
-					create {HTTP_STREAM_SSL_SOCKET} Result.make_client_by_port (a_port, a_host)
+					create {HTTP_STREAM_SECURE_SOCKET} Result.make_client_by_port (a_port, a_host)
 				else
 					create Result.make_client_by_port (a_port, a_host)
 				end
diff --git a/library/network/http_network/http_network-safe.ecf b/library/network/http_network/http_network-safe.ecf
index 4924a1d1..7a03f5d8 100644
--- a/library/network/http_network/http_network-safe.ecf
+++ b/library/network/http_network/http_network-safe.ecf
@@ -22,7 +22,7 @@
 			</condition>
 		</external_include>
 		<library name="base" location="$ISE_LIBRARY\library\base\base-safe.ecf"/>
-		<library name="net" location="$ISE_LIBRARY\library\net\net-safe.ecf" readonly="false"/>
+		<library name="net" location="$ISE_LIBRARY\library\net\net-safe.ecf"/>
 		<library name="net_ssl" location="$ISE_LIBRARY\unstable\library\network\socket\netssl\net_ssl-safe.ecf">
 			<condition>
 				<custom name="ssl_enabled" value="true"/>
@@ -94,6 +94,5 @@
 				</condition>
 			</cluster>
 		</cluster>
-		
 	</target>
 </system>
diff --git a/library/network/http_network/http_network.ecf b/library/network/http_network/http_network.ecf
index c828be6c..7d7d723c 100644
--- a/library/network/http_network/http_network.ecf
+++ b/library/network/http_network/http_network.ecf
@@ -41,6 +41,13 @@
 					<version type="compiler" max="16.11.0.0"/>
 				</condition>
 			</file_rule>
+			<cluster name="disabled_ssl_network" location="$|no_ssl\" recursive="true">
+				<condition>
+					<custom name="ssl_enabled" excluded_value="true"/>
+					<custom name="net_ssl_enabled" excluded_value="true"/>
+					<custom name="httpd_ssl_enabled" excluded_value="true"/>
+				</condition>
+			</cluster>
 			<cluster name="ssl_network" location="$|ssl\" recursive="true">
 				<condition>
 					<custom name="ssl_enabled" value="true"/>
diff --git a/library/network/http_network/src/http_stream_socket.e b/library/network/http_network/src/http_stream_socket.e
index 08a5925a..ae900aef 100644
--- a/library/network/http_network/src/http_stream_socket.e
+++ b/library/network/http_network/src/http_stream_socket.e
@@ -21,10 +21,12 @@ create {NETWORK_STREAM_SOCKET}
 
 feature -- Status report
 
-	is_ssl_supported: BOOLEAN
-			-- SSL supported?
+	is_secure_connection_supported: BOOLEAN
+			-- SSL/TLS supported?
 		once
 			Result := False
+		ensure
+			Result = {HTTP_SECURE_HELPER}.is_secure_connection_supported
 		end
 
 feature -- Input	
diff --git a/library/network/http_network/src/no_ssl/http_secure_helper.e b/library/network/http_network/src/no_ssl/http_secure_helper.e
new file mode 100644
index 00000000..6ba01ec3
--- /dev/null
+++ b/library/network/http_network/src/no_ssl/http_secure_helper.e
@@ -0,0 +1,18 @@
+note
+	description: "[
+			Interface helping using SSL.
+			For now, mainly for `is_secure_connection_supported' to indicate if current project is compiled with SSL support.
+			i.e compiled with EiffelNet-SSL library.
+		]"
+	date: "$Date$"
+	revision: "$Revision$"
+
+class
+	HTTP_SECURE_HELPER
+
+feature -- Status
+
+	is_secure_connection_supported: BOOLEAN = False
+			-- Is Current system compiled with EiffelNet-SSL support?
+
+end
diff --git a/library/network/http_network/src/no_ssl/http_stream_ssl_socket.e b/library/network/http_network/src/no_ssl/http_stream_secure_socket.e
similarity index 52%
rename from library/network/http_network/src/no_ssl/http_stream_ssl_socket.e
rename to library/network/http_network/src/no_ssl/http_stream_secure_socket.e
index f69f1a89..77604a0a 100644
--- a/library/network/http_network/src/no_ssl/http_stream_ssl_socket.e
+++ b/library/network/http_network/src/no_ssl/http_stream_secure_socket.e
@@ -7,7 +7,7 @@ note
 	revision: "$Revision$"
 
 class
-	HTTP_STREAM_SSL_SOCKET
+	HTTP_STREAM_SECURE_SOCKET
 
 inherit
 	HTTP_STREAM_SOCKET
@@ -17,7 +17,7 @@ create
 	make_client_by_port, make_client_by_address_and_port,
 	make_server_by_port, make_server_by_address_and_port, make_loopback_server_by_port
 
-create {HTTP_STREAM_SSL_SOCKET}
+create {HTTP_STREAM_SECURE_SOCKET}
 	make_from_descriptor_and_address
 
 feature -- Element change	
@@ -29,9 +29,39 @@ feature -- Element change
 	set_key_file_path (a_key_filename: PATH)
 		do
 		end
+feature -- SSL Helpers
+
+	set_secure_protocol (v: NATURAL)
+		do
+		end
+
+	set_secure_protocol_to_ssl_2_or_3
+			-- Set `ssl_protocol' with `Ssl_23'.
+		do
+		end
+
+	set_secure_protocol_to_tls_1_0
+			-- Set `ssl_protocol' with `Tls_1_0'.
+		do
+		end
+
+	set_secure_protocol_to_tls_1_1
+			-- Set `ssl_protocol' with `Tls_1_1'.
+		do
+		end
+
+	set_secure_protocol_to_tls_1_2
+			-- Set `ssl_protocol' with `Tls_1_2'.
+		do
+		end
+
+	set_secure_protocol_to_dtls_1_0
+			-- Set `ssl_protocol' with `Dtls_1_0'.
+		do
+		end
 
 invariant
-	ssl_not_supported: not is_ssl_supported -- Current is a Fake SSL interface!
+	secure_connection_not_supported: not is_secure_connection_supported -- Current is a Fake SSL interface!
 note
 	copyright: "2011-2013, Javier Velilla, Jocelyn Fiat and others"
 	license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
diff --git a/library/network/http_network/src/ssl/http_secure_helper.e b/library/network/http_network/src/ssl/http_secure_helper.e
new file mode 100644
index 00000000..1568b2f5
--- /dev/null
+++ b/library/network/http_network/src/ssl/http_secure_helper.e
@@ -0,0 +1,18 @@
+note
+	description: "[
+			Interface helping using SSL.
+			For now, mainly for `is_secure_connection_supported' to indicate if current project is compiled with SSL support.
+			i.e compiled with EiffelNet-SSL library.
+		]"
+	date: "$Date$"
+	revision: "$Revision$"
+
+class
+	HTTP_SECURE_HELPER
+
+feature -- Status
+
+	is_secure_connection_supported: BOOLEAN = True
+			-- Is Current system compiled with EiffelNet-SSL support?
+
+end
diff --git a/library/network/http_network/src/ssl/http_stream_ssl_socket.e b/library/network/http_network/src/ssl/http_stream_secure_socket.e
similarity index 85%
rename from library/network/http_network/src/ssl/http_stream_ssl_socket.e
rename to library/network/http_network/src/ssl/http_stream_secure_socket.e
index 45fc71e5..1d8686c5 100644
--- a/library/network/http_network/src/ssl/http_stream_ssl_socket.e
+++ b/library/network/http_network/src/ssl/http_stream_secure_socket.e
@@ -4,7 +4,7 @@ note
 	revision: "$Revision$"
 
 class
-	HTTP_STREAM_SSL_SOCKET
+	HTTP_STREAM_SECURE_SOCKET
 
 inherit
 	HTTP_STREAM_SOCKET
@@ -20,7 +20,7 @@ inherit
 			connect, shutdown,
 			do_accept
 		redefine
-			is_ssl_supported,
+			is_secure_connection_supported,
 			put_managed_pointer,
 			read_stream_noexception,
 			read_into_pointer_noexception,
@@ -32,7 +32,7 @@ inherit
 			put_managed_pointer -- Redefine to allow support of compiler before 16.11.
 		end
 
-	HTTP_STREAM_SSL_SOCKET_EXT
+	HTTP_STREAM_SECURE_SOCKET_EXT
 
 create
 	make, make_empty,
@@ -44,42 +44,44 @@ create {SSL_NETWORK_STREAM_SOCKET}
 
 feature -- Status report
 
-	is_ssl_supported: BOOLEAN
+	is_secure_connection_supported: BOOLEAN = True
 			-- SSL supported?
-		once
-			Result := True
+
+feature -- Secure connection Helpers
+
+	set_secure_protocol (v: NATURAL)
+		do
+			set_tls_protocol (v)
 		end
 
-feature -- SSL Helpers
-
-	set_ssl_protocol_to_ssl_2_or_3
+	set_secure_protocol_to_ssl_2_or_3
 			-- Set `ssl_protocol' with `Ssl_23'.
 		do
-			set_tls_protocol ({SSL_PROTOCOL}.Ssl_23)
+			set_secure_protocol ({SSL_PROTOCOL}.Ssl_23)
 		end
 
-	set_ssl_protocol_to_tls_1_0
+	set_secure_protocol_to_tls_1_0
 			-- Set `ssl_protocol' with `Tls_1_0'.
 		do
-			set_tls_protocol ({SSL_PROTOCOL}.Tls_1_0)
+			set_secure_protocol ({SSL_PROTOCOL}.Tls_1_0)
 		end
 
-	set_ssl_protocol_to_tls_1_1
+	set_secure_protocol_to_tls_1_1
 			-- Set `ssl_protocol' with `Tls_1_1'.
 		do
-			set_tls_protocol ({SSL_PROTOCOL}.Tls_1_1)
+			set_secure_protocol ({SSL_PROTOCOL}.Tls_1_1)
 		end
 
-	set_ssl_protocol_to_tls_1_2
+	set_secure_protocol_to_tls_1_2
 			-- Set `ssl_protocol' with `Tls_1_2'.
 		do
-			set_tls_protocol ({SSL_PROTOCOL}.Tls_1_2)
+			set_secure_protocol ({SSL_PROTOCOL}.Tls_1_2)
 		end
 
-	set_ssl_protocol_to_dtls_1_0
+	set_secure_protocol_to_dtls_1_0
 			-- Set `ssl_protocol' with `Dtls_1_0'.
 		do
-			set_tls_protocol ({SSL_PROTOCOL}.Dtls_1_0)
+			set_secure_protocol ({SSL_PROTOCOL}.Dtls_1_0)
 		end
 
 feature -- Input
diff --git a/library/network/http_network/src/ssl/http_stream_ssl_socket_ext.e b/library/network/http_network/src/ssl/http_stream_secure_socket_ext.e
similarity index 93%
rename from library/network/http_network/src/ssl/http_stream_ssl_socket_ext.e
rename to library/network/http_network/src/ssl/http_stream_secure_socket_ext.e
index 64df0d9e..504ce3f0 100644
--- a/library/network/http_network/src/ssl/http_stream_ssl_socket_ext.e
+++ b/library/network/http_network/src/ssl/http_stream_secure_socket_ext.e
@@ -6,7 +6,7 @@ note
 		]"
 
 deferred class
-	HTTP_STREAM_SSL_SOCKET_EXT
+	HTTP_STREAM_SECURE_SOCKET_EXT
 
 feature {NONE} -- SSL bridge
 
diff --git a/library/network/http_network/src/until_16_05/ssl/http_stream_ssl_socket_ext.e b/library/network/http_network/src/until_16_05/ssl/http_stream_secure_socket_ext.e
similarity index 96%
rename from library/network/http_network/src/until_16_05/ssl/http_stream_ssl_socket_ext.e
rename to library/network/http_network/src/until_16_05/ssl/http_stream_secure_socket_ext.e
index e5efd1e5..6edcc3f2 100644
--- a/library/network/http_network/src/until_16_05/ssl/http_stream_ssl_socket_ext.e
+++ b/library/network/http_network/src/until_16_05/ssl/http_stream_secure_socket_ext.e
@@ -6,7 +6,7 @@ note
 		]"
 
 deferred class
-	HTTP_STREAM_SSL_SOCKET_EXT
+	HTTP_STREAM_SECURE_SOCKET_EXT
 
 feature {NONE} -- SSL bridge
 
diff --git a/library/network/websocket/client/example/ws_client/ws_client-safe.ecf b/library/network/websocket/client/example/ws_client/ws_client-safe.ecf
index c3f59bd3..cc650ee8 100644
--- a/library/network/websocket/client/example/ws_client/ws_client-safe.ecf
+++ b/library/network/websocket/client/example/ws_client/ws_client-safe.ecf
@@ -20,6 +20,6 @@
 		<setting name="concurrency" value="thread"/>
 	</target>
 	<target name="ws_client_ssl" extends="ws_client">
-		<variable name="net_ssl_enabled" value="true"/>
+		<variable name="ssl_enabled" value="true"/>
 	</target>
 </system>
diff --git a/library/network/websocket/client/src/no_ssl/web_socket_client.e b/library/network/websocket/client/src/no_ssl/web_socket_client.e
index 9fa65e66..9c583943 100644
--- a/library/network/websocket/client/src/no_ssl/web_socket_client.e
+++ b/library/network/websocket/client/src/no_ssl/web_socket_client.e
@@ -14,14 +14,14 @@ inherit
 
 feature -- Status report
 
-	is_ssl_supported: BOOLEAN = False
+	is_secure_connection_supported: BOOLEAN = False
 
 feature -- Factory
 
 	new_socket (a_port: INTEGER; a_host: STRING): HTTP_STREAM_SOCKET
 		do
-			if is_tunneled then
-				check ssl_supported: False end
+			if is_secure then
+				check is_secure_connection_supported: False end
 			end
 			create {HTTP_STREAM_SOCKET} Result.make_client_by_port (a_port, a_host)
 		end
diff --git a/library/network/websocket/client/src/ssl/web_socket_client.e b/library/network/websocket/client/src/ssl/web_socket_client.e
index 13784ae2..12dae408 100644
--- a/library/network/websocket/client/src/ssl/web_socket_client.e
+++ b/library/network/websocket/client/src/ssl/web_socket_client.e
@@ -14,37 +14,37 @@ inherit
 
 feature -- Status report
 
-	is_ssl_supported: BOOLEAN = True
+	is_secure_connection_supported: BOOLEAN = True
 
 feature -- Factory
 
 	new_socket (a_port: INTEGER; a_host: STRING): HTTP_STREAM_SOCKET
 		local
-			l_ssl: HTTP_STREAM_SSL_SOCKET
+			l_secure: HTTP_STREAM_SECURE_SOCKET
 		do
-			if is_tunneled then
-				create l_ssl.make_client_by_port (a_port, a_host)
-				Result := l_ssl
-				if attached ssl_protocol as l_prot then
+			if is_secure then
+				create l_secure.make_client_by_port (a_port, a_host)
+				Result := l_secure
+				if attached secure_protocol as l_prot then
 					if l_prot.is_case_insensitive_equal ("ssl_2_3") then
-						l_ssl.set_ssl_protocol_to_ssl_2_or_3
+						l_secure.set_secure_protocol_to_ssl_2_or_3
 					elseif l_prot.is_case_insensitive_equal ("tls_1_0") then
-						l_ssl.set_ssl_protocol_to_tls_1_0
+						l_secure.set_secure_protocol_to_tls_1_0
 					elseif l_prot.is_case_insensitive_equal ("tls_1_1") then
-						l_ssl.set_ssl_protocol_to_tls_1_1
+						l_secure.set_secure_protocol_to_tls_1_1
 					elseif l_prot.is_case_insensitive_equal ("tls_1_2") then
-						l_ssl.set_ssl_protocol_to_tls_1_2
+						l_secure.set_secure_protocol_to_tls_1_2
 					elseif l_prot.is_case_insensitive_equal ("dtls_1_0") then
-						l_ssl.set_ssl_protocol_to_dtls_1_0
+						l_secure.set_secure_protocol_to_dtls_1_0
 					else -- Default
-						l_ssl.set_ssl_protocol_to_tls_1_2
+						l_secure.set_secure_protocol_to_tls_1_2
 					end
 				end
-				if attached ssl_key_file as k then
-					l_ssl.set_key_file_path (k)
+				if attached secure_certificate_file as c then
+					l_secure.set_certificate_file_path (c)
 				end
-				if attached ssl_certificate_file as c then
-					l_ssl.set_certificate_file_path (c)
+				if attached secure_certificate_key_file as k then
+					l_secure.set_key_file_path (k)
 				end
 			else
 				create {HTTP_STREAM_SOCKET} Result.make_client_by_port (a_port, a_host)
diff --git a/library/network/websocket/client/src/web_socket.e b/library/network/websocket/client/src/web_socket.e
index a3d7ed26..fc023fe5 100644
--- a/library/network/websocket/client/src/web_socket.e
+++ b/library/network/websocket/client/src/web_socket.e
@@ -11,7 +11,6 @@ deferred class
 	WEB_SOCKET
 
 inherit
-
 	WEB_SOCKET_CONSTANTS
 
 feature -- Access
@@ -37,7 +36,7 @@ feature -- Access
 			-- Has the result fo protocol negotiation between client and the server
 			-- By default it's an empty string.
 
-	is_tunneled: BOOLEAN
+	is_secure: BOOLEAN
 			-- Is the current connection tunneled over TLS/SSL?
 		local
 			l_uri: STRING
diff --git a/library/network/websocket/client/src/web_socket_client_i.e b/library/network/websocket/client/src/web_socket_client_i.e
index 288ef06d..029eb66b 100644
--- a/library/network/websocket/client/src/web_socket_client_i.e
+++ b/library/network/websocket/client/src/web_socket_client_i.e
@@ -10,7 +10,6 @@ deferred class
 	WEB_SOCKET_CLIENT_I
 
 inherit
-
 	WEB_SOCKET_SUBSCRIBER
 		redefine
 			on_websocket_error,
@@ -106,39 +105,39 @@ feature -- Access
 	server_handshake: WEB_SOCKET_HANDSHAKE_DATA
 			-- Handshake data received from the server
 
-feature -- Access: ssl
+feature -- Access: secure
 
-	is_ssl_supported: BOOLEAN
+	is_secure_connection_supported: BOOLEAN
 			-- Is SSL supported?
 		deferred
 		end
 
-	ssl_protocol: detachable READABLE_STRING_GENERAL
-			-- SSL protocol , if `is_ssl_supported'.
+	secure_protocol: detachable READABLE_STRING_GENERAL
+			-- SSL protocol , if `is_secure_connection_supported'.
 
-	ssl_certificate_file: detachable PATH
-			-- SSL certificate file , if `is_ssl_supported'.
+	secure_certificate_file: detachable PATH
+			-- SSL certificate file , if `is_secure_connection_supported'.
 
-	ssl_key_file: detachable PATH
-			-- SSL key file , if `is_ssl_supported'.
+	secure_certificate_key_file: detachable PATH
+			-- SSL key file , if `is_secure_connection_supported'.
 
 feature -- Element change
 
-	set_ssl_protocol (a_prot: like ssl_protocol)
+	set_secure_protocol (a_prot: like secure_protocol)
 		do
-			ssl_protocol := a_prot
+			secure_protocol := a_prot
 		end
 
-	set_ssl_certificate_file (p: detachable PATH)
+	set_secure_certificate_file (p: detachable PATH)
 			-- Set SSL certificate from file at `p'.
 		do
-			ssl_certificate_file := p
+			secure_certificate_file := p
 		end
 
-	set_ssl_key_file (p: detachable PATH)
+	set_secure_certificate_key_file (p: detachable PATH)
 			-- Set SSL key from file at `p'.
 		do
-			ssl_key_file := p
+			secure_certificate_key_file := p
 		end
 
 feature -- Events API
@@ -346,7 +345,7 @@ feature {NONE} -- Implementation
 
 	set_default_port
 		do
-			if is_tunneled then
+			if is_secure then
 				port := wss_port_default
 			else
 				port := ws_port_default
diff --git a/library/network/websocket/client/src/web_socket_impl.e b/library/network/websocket/client/src/web_socket_impl.e
index 3fc61c04..434ba896 100644
--- a/library/network/websocket/client/src/web_socket_impl.e
+++ b/library/network/websocket/client/src/web_socket_impl.e
@@ -27,8 +27,8 @@ feature {NONE} -- Initialization
 			create ready_state.make
 		ensure
 			uri_set: a_uri = uri
-			port_wss: is_tunneled implies port = wss_port_default
-			port_ws: not is_tunneled implies port = ws_port_default
+			port_wss: is_secure implies port = wss_port_default
+			port_ws: not is_secure implies port = ws_port_default
 			ready_state_set: ready_state.state = {WEB_SOCKET_READY_STATE}.connecting
 			subscriber_set: subscriber = a_subscriber
 			protocol_set: protocol.is_empty
@@ -58,8 +58,8 @@ feature {NONE} -- Initialization
 			create ready_state.make
 		ensure
 			uri_set: a_uri = uri
-			port_wss: is_tunneled implies port = wss_port_default
-			port_ws: not is_tunneled implies port = ws_port_default
+			port_wss: is_secure implies port = wss_port_default
+			port_ws: not is_secure implies port = ws_port_default
 			protocols_set: protocols = a_protocols
 			ready_state_set: ready_state.state = {WEB_SOCKET_READY_STATE}.connecting
 			subscriber_set: subscriber = a_subscriber
@@ -214,7 +214,7 @@ feature {NONE} -- Implementation
 
 	set_default_port
 		do
-			if is_tunneled then
+			if is_secure then
 				port := wss_port_default
 			else
 				port := ws_port_default
diff --git a/library/network/websocket/client/web_socket_client.ecf b/library/network/websocket/client/web_socket_client.ecf
index 78bdc0d0..2ff8f1e5 100644
--- a/library/network/websocket/client/web_socket_client.ecf
+++ b/library/network/websocket/client/web_socket_client.ecf
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
-<system xmlns="http://www.eiffel.com/developers/xml/configuration-1-13-0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.eiffel.com/developers/xml/configuration-1-13-0 http://www.eiffel.com/developers/xml/configuration-1-13-0.xsd" name="web_socket_client" uuid="934F36F1-D417-4695-A5A9-2D005B35BB1B" library_target="web_socket_client">
+<system xmlns="http://www.eiffel.com/developers/xml/configuration-1-13-0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.eiffel.com/developers/xml/configuration-1-13-0 http://www.eiffel.com/developers/xml/configuration-1-13-0.xsd" name="web_socket_client" uuid="EE010507-597F-4FAD-8EFA-B7251E800911" library_target="web_socket_client">
 	<target name="web_socket_client">
 		<root all_classes="true"/>
 		<file_rule>
@@ -16,47 +16,28 @@
 		<library name="crypto" location="$ISE_LIBRARY\unstable\library\text\encryption\crypto\crypto.ecf"/>
 		<library name="encoder" location="$ISE_LIBRARY\contrib\library\web\framework\ewf\text\encoder\encoder.ecf"/>
 		<library name="net" location="$ISE_LIBRARY\library\net\net.ecf"/>
-		<library name="net_ssl" location="$ISE_LIBRARY\unstable\library\network\socket\netssl\net_ssl.ecf">
-			<condition>
-				<custom name="client_ssl_disabled" excluded_value="true"/>
-			</condition>
-		</library>
 		<library name="thread" location="$ISE_LIBRARY\library\thread\thread.ecf"/>
 		<library name="uri" location="$ISE_LIBRARY\library\text\uri\uri.ecf"/>
+		<library name="lib_http_network" location="..\..\http_network\http_network.ecf"/>
 		<library name="lib_web_socket_protocol" location="..\protocol\web_socket_protocol.ecf"/>
 		<cluster name="web_socket_client" location=".\src\" recursive="true">
 			<file_rule>
-				<exclude>/socket$</exclude>
 				<exclude>/no_ssl$</exclude>
 				<exclude>/ssl$</exclude>
 				<exclude>/spec$</exclude>
 			</file_rule>
 			<cluster name="ssl" location="$|ssl\" recursive="true">
 				<condition>
-					<custom name="client_ssl_disabled" excluded_value="true"/>
+					<custom name="ssl_enabled" value="true"/>
+				</condition>
+				<condition>
+					<custom name="net_ssl_enabled" value="true"/>
 				</condition>
 			</cluster>
 			<cluster name="no_ssl" location="$|no_ssl\" recursive="true">
 				<condition>
-					<custom name="client_ssl_disabled" value="true"/>
-				</condition>
-			</cluster>
-			<cluster name="socket" location="$|socket\">
-				<file_rule>
-					<exclude>/tcp_stream_socket.e$</exclude>
-					<condition>
-						<version type="compiler" max="15.2.0.0"/>
-					</condition>
-				</file_rule>
-				<cluster name="socket_ssl" location="$|ssl\" recursive="true" hidden="true">
-					<condition>
-						<custom name="client_ssl_disabled" excluded_value="true"/>
-					</condition>
-				</cluster>
-			</cluster>
-			<cluster name="spec_before_15_01" location="$|spec\before_15_01\" recursive="true">
-				<condition>
-					<version type="compiler" max="15.2.0.0"/>
+					<custom name="ssl_enabled" excluded_value="true"/>
+					<custom name="net_ssl_enabled" excluded_value="true"/>
 				</condition>
 			</cluster>
 		</cluster>
diff --git a/library/network/websocket/server/example/echo_websocket_server/application.e b/library/network/websocket/server/example/echo_websocket_server/application.e
index 1e98d994..110df868 100644
--- a/library/network/websocket/server/example/echo_websocket_server/application.e
+++ b/library/network/websocket/server/example/echo_websocket_server/application.e
@@ -23,8 +23,8 @@ feature {NONE} -- Initialization
 			opts.set_verbose_level ("debug")
 
 			opts.set_ssl_enabled (True) -- If SSL is supported
-			opts.set_ssl_ca_crt ("C:\OpenSSL-Win64\bin\ca.crt") -- Change to use your own crt file.
-			opts.set_ssl_ca_key ("C:\OpenSSL-Win64\bin\ca.key") -- Change to use your own key file.
+			opts.set_ssl_ca_crt ("ca.crt") -- Change to use your own crt file.
+			opts.set_ssl_ca_key ("ca.key") -- Change to use your own key file.
 
 			opts.set_port (default_port_number)
 		end
diff --git a/library/network/websocket/server/example/echo_websocket_server/ca.crt b/library/network/websocket/server/example/echo_websocket_server/ca.crt
new file mode 100644
index 00000000..6147c200
--- /dev/null
+++ b/library/network/websocket/server/example/echo_websocket_server/ca.crt
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAcGgAwIBAgIJAJnXGtV+PtiYMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMTUwNDAzMjIxNTA0WhcNMTYwNDAyMjIxNTA0WjBF
+MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQDFMK6ojzg+KlklhTossR13c51izMgGc3B0z9ttfHIcx2kxra3HtHcKIl5wSUvn
+G8zmSyFAyQTs5LUv65q46FM9qU8tP+vTeFCfNXvjRcIEpouta3J53K0xuUlxz4d4
+4D6qvdDWAez/0AkI4y5etW5zXtg7IQorJhsI9TmfGuruzwIDAQABo1AwTjAdBgNV
+HQ4EFgQUbWpk2HoHa0YqpEwr7CGEatBFTMkwHwYDVR0jBBgwFoAUbWpk2HoHa0Yq
+pEwr7CGEatBFTMkwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAi+h4/
+IgEocWkdRZBKHEcTrRxz5WhEDJMoVo9LhnXvCfn1G/4p6Un6sYv7Xzpi9NuSY8uV
+cjfJJXhtF3AtyZ70iTAxWaRWjGaZ03PYOjlledJ5rqJEt6CCn8m+JsfznduZvbxQ
+zQ6jCLXfyD/tvemB+yYEI3NntvRKx5/zt6Q26Q==
+-----END CERTIFICATE-----
diff --git a/library/network/websocket/server/example/echo_websocket_server/ca.key b/library/network/websocket/server/example/echo_websocket_server/ca.key
new file mode 100644
index 00000000..e5e22a52
--- /dev/null
+++ b/library/network/websocket/server/example/echo_websocket_server/ca.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDFMK6ojzg+KlklhTossR13c51izMgGc3B0z9ttfHIcx2kxra3H
+tHcKIl5wSUvnG8zmSyFAyQTs5LUv65q46FM9qU8tP+vTeFCfNXvjRcIEpouta3J5
+3K0xuUlxz4d44D6qvdDWAez/0AkI4y5etW5zXtg7IQorJhsI9TmfGuruzwIDAQAB
+AoGAR5efMg+dieRyLU8rieJcImxVbfOPg9gRsjdtIVkXTR+RL7ow59q7hXBo/Td/
+WU8cm1gXoJ/bK+71YYqWyB+BaLRIWvRWb7Gdw203tu4e136Ca5uuY+71qdbVTVcl
+NQ7J+T+eAQFP+a+DdT3ZQxu9eze87SMbu6i5YSpIk2kusOECQQDunv/DQ+nc+NgR
+DF+Td3sNYUVRT9a1CWi6abAG6reXwp8MS4NobWDf+Ps4JODhEEwlIdq5qL7qqYBZ
+Gc1TJJ53AkEA0404Fn6vAzzegBcS4RLlYTK7nMr0m4pMmDMCI6YzAYdMmKHp1e6f
+IwxSmQrmwyAgwcT01bc0+A8yipcC2BWQaQJBAJ01QZm635OGmos41KsKF5bsE8gL
+SpBBH69Yu/ECqGwie7iU84FUNnO4zIHjwghlPVVlZX3Vz9o4S+fn2N9DC+cCQGyZ
+QyCxGdC0r5fbwHJQS/ZQn+UGfvlVzqoXDVMVn3t6ZES6YZrT61eHnOM5qGqklIxE
+Old3vDZXPt/MU8Zvk3kCQBOgUx2VxvTrHN37hk9/QIDiM62+RenBm1M3ah8xTosf
+1mSeEb6d9Kwb3TgPBmA7YXzJuAQfRIvEPMPxT5SSr6Q=
+-----END RSA PRIVATE KEY-----
diff --git a/library/network/websocket/server/example/echo_websocket_server/echo_websocket_server-safe.ecf b/library/network/websocket/server/example/echo_websocket_server/echo_websocket_server-safe.ecf
index c75bed1d..f13448c2 100644
--- a/library/network/websocket/server/example/echo_websocket_server/echo_websocket_server-safe.ecf
+++ b/library/network/websocket/server/example/echo_websocket_server/echo_websocket_server-safe.ecf
@@ -32,18 +32,16 @@
 		<root class="APPLICATION" feature="make_and_launch"/>
 		<option concurrency="thread" root_concurrency="thread">
 		</option>
-		<variable name="httpd_ssl_enabled" value="true"/>
 	</target>
-	<target name="echo_websocket_server_mt_no_ssl" extends="echo_websocket_server_mt">
-		<variable name="httpd_ssl_enabled" value="false"/>
+	<target name="echo_websocket_server_mt_ssl" extends="echo_websocket_server_mt">
+		<variable name="ssl_enabled" value="true"/>
 	</target>
 	<target name="echo_websocket_server_scoop" extends="common">
 		<root class="APPLICATION" feature="make_and_launch"/>
 		<option concurrency="scoop" root_concurrency="scoop">
 		</option>
+	</target>
+	<target name="echo_websocket_server_scoop_ssl" extends="echo_websocket_server_scoop">
 		<variable name="httpd_ssl_enabled" value="true"/>
 	</target>
-	<target name="echo_websocket_server_scoop_no_ssl" extends="echo_websocket_server_scoop">
-		<variable name="httpd_ssl_enabled" value="false"/>
-	</target>
 </system>
diff --git a/library/server/httpd/configuration/httpd_configuration_i.e b/library/server/httpd/configuration/httpd_configuration_i.e
index 5602abd5..1e491775 100644
--- a/library/server/httpd/configuration/httpd_configuration_i.e
+++ b/library/server/httpd/configuration/httpd_configuration_i.e
@@ -23,8 +23,8 @@ feature {NONE} -- Initialization
 			keep_alive_timeout := default_keep_alive_timeout
 			max_keep_alive_requests := default_max_keep_alive_requests
 			is_secure := False
-			create ca_crt.make_empty
-			create ca_key.make_empty
+			create secure_certificate.make_empty
+			create secure_certificate_key.make_empty
 		end
 
 feature -- Access
@@ -75,8 +75,8 @@ feature -- Access
 			-- To disable KeepAlive, set `max_keep_alive_requests' to 0.
 			-- By default: 100 .
 
-	has_ssl_support: BOOLEAN
-			-- Has SSL support?
+	has_secure_support: BOOLEAN
+			-- Has SSL/TLS secure support?
 		deferred
 		end
 
@@ -96,30 +96,30 @@ feature -- Access: SSL
 	is_secure: BOOLEAN
 			 -- Is SSL/TLS session?.
 
-	ca_crt: detachable IMMUTABLE_STRING_32
+	secure_certificate: detachable IMMUTABLE_STRING_32
 			-- the signed certificate.
 
-	ca_key: detachable IMMUTABLE_STRING_32
-			-- private key to the certificate.
+	secure_certificate_key: detachable IMMUTABLE_STRING_32
+			-- private key to the certificate authority.
 
-	ssl_protocol: NATURAL
+	secure_protocol: NATURAL
 			-- By default protocol is tls 1.2.
 
 feature -- Element change
 
-	set_ssl_settings (v: detachable separate TUPLE [protocol: separate READABLE_STRING_GENERAL; ca_crt, ca_key: detachable separate READABLE_STRING_GENERAL])
+	set_secure_settings (v: detachable separate TUPLE [protocol: separate READABLE_STRING_GENERAL; ca_crt, ca_key: detachable separate READABLE_STRING_GENERAL])
 		local
 			prot: STRING_32
 		do
 			is_secure := False
-			ca_crt := Void
-			ca_key := Void
+			secure_certificate := Void
+			secure_certificate_key := Void
 			if v /= Void then
 				is_secure := True
 				create prot.make_from_separate (v.protocol)
-				set_ssl_protocol_from_string (prot)
-				set_ca_crt (v.ca_crt)
-				set_ca_key (v.ca_key)
+				set_secure_protocol_from_string (prot)
+				set_secure_certificate (v.ca_crt)
+				set_secure_certificate_key (v.ca_key)
 			end
 		end
 
@@ -229,7 +229,7 @@ feature -- Element change
 	set_is_secure (b: BOOLEAN)
 			-- Set `is_secure' to `b'.
 		do
-			if b and has_ssl_support then
+			if b and has_secure_support then
 				is_secure := True
 				if
 					http_server_port = 80
@@ -245,8 +245,8 @@ feature -- Element change
 				end
 			end
 		ensure
-			is_secure_set: has_ssl_support implies is_secure
-			is_not_secure: not has_ssl_support implies not is_secure
+			is_secure_set: has_secure_support implies is_secure
+			is_not_secure: not has_secure_support implies not is_secure
 		end
 
 	mark_secure
@@ -254,84 +254,84 @@ feature -- Element change
 		do
 			set_is_secure (True)
 		ensure
-			is_secure_set: has_ssl_support implies is_secure
-			-- http_server_port_set: has_ssl_support implies http_server_port = 443
-			is_not_secure: not has_ssl_support implies not is_secure
-			-- default_port: not has_ssl_support implies http_server_port = 80
+			is_secure_set: has_secure_support implies is_secure
+			-- http_server_port_set: has_secure_support implies http_server_port = 443
+			is_not_secure: not has_secure_support implies not is_secure
+			-- default_port: not has_secure_support implies http_server_port = 80
 		end
 
 feature -- Element change
 
-	set_ca_crt (a_value: detachable separate READABLE_STRING_GENERAL)
-			-- Set `ca_crt' from `a_value'.
+	set_secure_certificate (a_value: detachable separate READABLE_STRING_GENERAL)
+			-- Set `secure_certificate' from `a_value'.
 		do
 			if a_value /= Void then
-				create ca_crt.make_from_separate (a_value)
+				create secure_certificate.make_from_separate (a_value)
 			else
-				ca_crt := Void
+				secure_certificate := Void
 			end
 		end
 
-	set_ca_key (a_value: detachable separate READABLE_STRING_GENERAL)
-			-- Set `ca_key' with `a_value'.
+	set_secure_certificate_key (a_value: detachable separate READABLE_STRING_GENERAL)
+			-- Set `secure_certificate_key' with `a_value'.
 		do
 			if a_value /= Void then
-				create ca_key.make_from_separate (a_value)
+				create secure_certificate_key.make_from_separate (a_value)
 			else
-				ca_key := Void
+				secure_certificate_key := Void
 			end
 		end
 
-	set_ssl_protocol  (a_version: NATURAL)
-			-- Set `ssl_protocol' with `a_version'
+	set_secure_protocol (a_version: NATURAL)
+			-- Set `secure_protocol' with `a_version'
 		do
-			ssl_protocol := a_version
+			secure_protocol := a_version
 		ensure
-			ssl_protocol_set: ssl_protocol = a_version
+			secure_protocol_set: secure_protocol = a_version
 		end
 
-	set_ssl_protocol_from_string (a_ssl_version: READABLE_STRING_GENERAL)
-			-- Set `ssl_protocol' with `a_ssl_version'
+	set_secure_protocol_from_string (a_ssl_version: READABLE_STRING_GENERAL)
+			-- Set `secure_protocol' with `a_ssl_version'
 		do
 			if a_ssl_version.is_case_insensitive_equal ("ssl_2_3") then
-				set_ssl_protocol_to_ssl_2_or_3
+				set_secure_protocol_to_ssl_2_or_3
 			elseif a_ssl_version.is_case_insensitive_equal ("tls_1_0") then
-				set_ssl_protocol_to_tls_1_0
+				set_secure_protocol_to_tls_1_0
 			elseif a_ssl_version.is_case_insensitive_equal ("tls_1_1") then
-				set_ssl_protocol_to_tls_1_1
+				set_secure_protocol_to_tls_1_1
 			elseif a_ssl_version.is_case_insensitive_equal ("tls_1_2") then
-				set_ssl_protocol_to_tls_1_2
+				set_secure_protocol_to_tls_1_2
 			elseif a_ssl_version.is_case_insensitive_equal ("dtls_1_0") then
-				set_ssl_protocol_to_dtls_1_0
+				set_secure_protocol_to_dtls_1_0
 			else -- Default
-				set_ssl_protocol_to_tls_1_2
+				set_secure_protocol_to_tls_1_2
 			end
 		end
 
 feature -- SSL Helpers
 
-	set_ssl_protocol_to_ssl_2_or_3
-			-- Set `ssl_protocol' with `Ssl_23'.
+	set_secure_protocol_to_ssl_2_or_3
+			-- Set `secure_protocol' with `Ssl_23'.
 		deferred
 		end
 
-	set_ssl_protocol_to_tls_1_0
-			-- Set `ssl_protocol' with `Tls_1_0'.
+	set_secure_protocol_to_tls_1_0
+			-- Set `secure_protocol' with `Tls_1_0'.
 		deferred
 		end
 
-	set_ssl_protocol_to_tls_1_1
-			-- Set `ssl_protocol' with `Tls_1_1'.
+	set_secure_protocol_to_tls_1_1
+			-- Set `secure_protocol' with `Tls_1_1'.
 		deferred
 		end
 
-	set_ssl_protocol_to_tls_1_2
-			-- Set `ssl_protocol' with `Tls_1_2'.
+	set_secure_protocol_to_tls_1_2
+			-- Set `secure_protocol' with `Tls_1_2'.
 		deferred
 		end
 
-	set_ssl_protocol_to_dtls_1_0
-			-- Set `ssl_protocol' with `Dtls_1_0'.
+	set_secure_protocol_to_dtls_1_0
+			-- Set `secure_protocol' with `Dtls_1_0'.
 		deferred
 		end
 
diff --git a/library/server/httpd/configuration/httpd_constants.e b/library/server/httpd/configuration/httpd_constants.e
index 0e8b90a4..80fbef03 100644
--- a/library/server/httpd/configuration/httpd_constants.e
+++ b/library/server/httpd/configuration/httpd_constants.e
@@ -9,6 +9,9 @@ note
 deferred class
 	HTTPD_CONSTANTS
 
+inherit
+	HTTP_SECURE_HELPER
+
 feature -- Default connection settings
 
 	default_http_server_port: INTEGER = 80
diff --git a/library/server/httpd/httpd-safe.ecf b/library/server/httpd/httpd-safe.ecf
index a279e570..f3e44d75 100644
--- a/library/server/httpd/httpd-safe.ecf
+++ b/library/server/httpd/httpd-safe.ecf
@@ -65,4 +65,7 @@
 			</cluster>
 		</cluster>
 	</target>
+	<target name="httpd_ssl" extends="httpd">
+		<variable name="ssl_enabled" value="true" />
+	</target>
 </system>
diff --git a/library/server/httpd/httpd_request_handler_i.e b/library/server/httpd/httpd_request_handler_i.e
index 5590dac8..6263cb5c 100644
--- a/library/server/httpd/httpd_request_handler_i.e
+++ b/library/server/httpd/httpd_request_handler_i.e
@@ -525,7 +525,7 @@ feature -- Parsing
 				if a_socket.was_error then
 					report_error ("Socket error")
 					if is_verbose then
-						log (request_header +"%N" + Result + "%N## was_error=False! ##", debug_level)
+						log (request_header +"%N" + Result + "%N## Network error: " + a_socket.error + " ##", debug_level)
 					end
 				end
 			else
diff --git a/library/server/httpd/httpd_server_i.e b/library/server/httpd/httpd_server_i.e
index b908df55..9d306833 100644
--- a/library/server/httpd/httpd_server_i.e
+++ b/library/server/httpd/httpd_server_i.e
@@ -113,7 +113,7 @@ feature -- Execution
 				log ("  - socket_recv_timeout = " + configuration.socket_recv_timeout.out + " seconds")
 				log ("  - keep_alive_timeout = " + configuration.keep_alive_timeout.out + " seconds")
 				log ("  - max_keep_alive_requests = " + configuration.max_keep_alive_requests.out)
-				if configuration.has_ssl_support then
+				if configuration.has_secure_support then
 					if configuration.is_secure then
 						log ("  - SSL = enabled")
 					else
diff --git a/library/server/httpd/network/httpd_socket_factory.e b/library/server/httpd/network/httpd_socket_factory.e
index 68101ac1..31e8021c 100644
--- a/library/server/httpd/network/httpd_socket_factory.e
+++ b/library/server/httpd/network/httpd_socket_factory.e
@@ -11,7 +11,7 @@ feature -- Access
 	new_client_socket (a_is_secure: BOOLEAN): HTTPD_STREAM_SOCKET
 		do
 			if a_is_secure then
-				create {HTTPD_STREAM_SSL_SOCKET} Result.make_empty
+				create {HTTPD_STREAM_SECURE_SOCKET} Result.make_empty
 			else
 				create Result.make_empty
 			end
diff --git a/library/server/httpd/network/httpd_stream_ssl_socket.e b/library/server/httpd/network/httpd_stream_secure_socket.e
similarity index 92%
rename from library/server/httpd/network/httpd_stream_ssl_socket.e
rename to library/server/httpd/network/httpd_stream_secure_socket.e
index d9c53ded..696cf460 100644
--- a/library/server/httpd/network/httpd_stream_ssl_socket.e
+++ b/library/server/httpd/network/httpd_stream_secure_socket.e
@@ -6,10 +6,10 @@ note
 	revision: "$Revision$"
 
 class
-	HTTPD_STREAM_SSL_SOCKET
+	HTTPD_STREAM_SECURE_SOCKET
 
 inherit
-	HTTP_STREAM_SSL_SOCKET
+	HTTP_STREAM_SECURE_SOCKET
 
 	HTTPD_STREAM_SOCKET
 		undefine
@@ -27,7 +27,7 @@ inherit
 			read_stream_noexception,
 			read_into_pointer_noexception,
 			put_pointer_content_noexception,
-			is_ssl_supported
+			is_secure_connection_supported
 		end
 
 create
diff --git a/library/server/httpd/no_ssl/httpd_configuration.e b/library/server/httpd/no_ssl/httpd_configuration.e
index adb3a92f..3666c387 100644
--- a/library/server/httpd/no_ssl/httpd_configuration.e
+++ b/library/server/httpd/no_ssl/httpd_configuration.e
@@ -16,38 +16,38 @@ feature -- Status
 
 	Server_details: STRING_8 = "Server: Standalone Eiffel Server"
 
-	has_ssl_support: BOOLEAN = False
+	has_secure_support: BOOLEAN = False
 			-- Precursor
 
 feature -- SSL Helpers
 
-	set_ssl_protocol_to_ssl_2_or_3
-			-- Set `ssl_protocol' with `Ssl_23'.
+	set_secure_protocol_to_ssl_2_or_3
+			-- Set `secure_protocol' with `Ssl_23'.
 		do
 				-- Ignored
 		end
 
 
-	set_ssl_protocol_to_tls_1_0
-			-- Set `ssl_protocol' with `Tls_1_0'.
+	set_secure_protocol_to_tls_1_0
+			-- Set `secure_protocol' with `Tls_1_0'.
 		do
 				-- Ignored
 		end
 
-	set_ssl_protocol_to_tls_1_1
-			-- Set `ssl_protocol' with `Tls_1_1'.
+	set_secure_protocol_to_tls_1_1
+			-- Set `secure_protocol' with `Tls_1_1'.
 		do
 				-- Ignored
 		end
 
-	set_ssl_protocol_to_tls_1_2
-			-- Set `ssl_protocol' with `Tls_1_2'.
+	set_secure_protocol_to_tls_1_2
+			-- Set `secure_protocol' with `Tls_1_2'.
 		do
 				-- Ignored
 		end
 
-	set_ssl_protocol_to_dtls_1_0
-			-- Set `ssl_protocol' with `Dtls_1_0'.
+	set_secure_protocol_to_dtls_1_0
+			-- Set `secure_protocol' with `Dtls_1_0'.
 		do
 				-- Ignored
 		end
diff --git a/library/server/httpd/ssl/httpd_configuration.e b/library/server/httpd/ssl/httpd_configuration.e
index b7eba79b..1a5d1961 100644
--- a/library/server/httpd/ssl/httpd_configuration.e
+++ b/library/server/httpd/ssl/httpd_configuration.e
@@ -21,48 +21,48 @@ feature {NONE} -- Initialization
 			-- Create a new instance and set ssl protocol to tls_1_2.
 		do
 			Precursor
-			set_ssl_protocol_to_tls_1_2
+			set_secure_protocol_to_tls_1_2
 		ensure then
-			ssl_protocol_set: ssl_protocol = {SSL_PROTOCOL}.tls_1_2
+			secure_protocol_set: secure_protocol = {SSL_PROTOCOL}.tls_1_2
 		end
 
 feature -- Access
 
-	Server_details: STRING_8 = "Server: Standalone Eiffel Server (https)"
+	Server_details: STRING_8 = "Server: Standalone Eiffel Server (secure)"
 
-	has_ssl_support: BOOLEAN = True
+	has_secure_support: BOOLEAN = True
 			-- Precursor		
 
 feature -- SSL Helpers
 
-	set_ssl_protocol_to_ssl_2_or_3
-			-- Set `ssl_protocol' with `Ssl_23'.
+	set_secure_protocol_to_ssl_2_or_3
+			-- Set `secure_protocol' with `Ssl_23'.
 		do
-			set_ssl_protocol ({SSL_PROTOCOL}.Ssl_23)
+			set_secure_protocol ({SSL_PROTOCOL}.Ssl_23)
 		end
 
-	set_ssl_protocol_to_tls_1_0
-			-- Set `ssl_protocol' with `Tls_1_0'.
+	set_secure_protocol_to_tls_1_0
+			-- Set `secure_protocol' with `Tls_1_0'.
 		do
-			set_ssl_protocol ({SSL_PROTOCOL}.Tls_1_0)
+			set_secure_protocol ({SSL_PROTOCOL}.Tls_1_0)
 		end
 
-	set_ssl_protocol_to_tls_1_1
-			-- Set `ssl_protocol' with `Tls_1_1'.
+	set_secure_protocol_to_tls_1_1
+			-- Set `secure_protocol' with `Tls_1_1'.
 		do
-			set_ssl_protocol ({SSL_PROTOCOL}.Tls_1_1)
+			set_secure_protocol ({SSL_PROTOCOL}.Tls_1_1)
 		end
 
-	set_ssl_protocol_to_tls_1_2
-			-- Set `ssl_protocol' with `Tls_1_2'.
+	set_secure_protocol_to_tls_1_2
+			-- Set `secure_protocol' with `Tls_1_2'.
 		do
-			set_ssl_protocol ({SSL_PROTOCOL}.Tls_1_2)
+			set_secure_protocol ({SSL_PROTOCOL}.Tls_1_2)
 		end
 
-	set_ssl_protocol_to_dtls_1_0
-			-- Set `ssl_protocol' with `Dtls_1_0'.
+	set_secure_protocol_to_dtls_1_0
+			-- Set `secure_protocol' with `Dtls_1_0'.
 		do
-			set_ssl_protocol ({SSL_PROTOCOL}.Dtls_1_0)
+			set_secure_protocol ({SSL_PROTOCOL}.Dtls_1_0)
 		end
 
 
diff --git a/library/server/httpd/ssl/httpd_server.e b/library/server/httpd/ssl/httpd_server.e
index fed7c946..a9afaf4f 100644
--- a/library/server/httpd/ssl/httpd_server.e
+++ b/library/server/httpd/ssl/httpd_server.e
@@ -1,6 +1,6 @@
 note
 	description: "[
-			SSL enabled server
+			SECURE enabled server
 		]"
 	date: "$Date$"
 	revision: "$Revision$"
@@ -21,24 +21,24 @@ feature {NONE} -- Factory
 
 	new_listening_socket (a_addr: detachable INET_ADDRESS; a_http_port: INTEGER): HTTPD_STREAM_SOCKET
 		local
-			s_ssl: HTTPD_STREAM_SSL_SOCKET
+			s_secure: HTTPD_STREAM_SECURE_SOCKET
 		do
 			if configuration.is_secure then
 				if a_addr /= Void then
-					create s_ssl.make_server_by_address_and_port (a_addr, a_http_port)
-					Result := s_ssl
+					create s_secure.make_server_by_address_and_port (a_addr, a_http_port)
+					Result := s_secure
 				else
-					create s_ssl.make_server_by_port (a_http_port)
+					create s_secure.make_server_by_port (a_http_port)
 				end
-				s_ssl.set_tls_protocol (configuration.ssl_protocol)
-				if attached configuration.ca_crt as l_crt then
-					s_ssl.set_certificate_file_name (l_crt)
+				s_secure.set_tls_protocol (configuration.secure_protocol)
+				if attached configuration.secure_certificate as l_crt then
+					s_secure.set_certificate_file_name (l_crt)
 				end
-				if attached configuration.ca_key as l_key then
-					s_ssl.set_key_file_name (l_key)
+				if attached configuration.secure_certificate_key as l_key then
+					s_secure.set_key_file_name (l_key)
 				end
 
-				Result := s_ssl
+				Result := s_secure
 			else
 				Result := Precursor (a_addr, a_http_port)
 			end
diff --git a/library/server/wsf/connector/standalone/wsf_standalone_service_launcher.e b/library/server/wsf/connector/standalone/wsf_standalone_service_launcher.e
index ca1c6182..3240dd98 100644
--- a/library/server/wsf/connector/standalone/wsf_standalone_service_launcher.e
+++ b/library/server/wsf/connector/standalone/wsf_standalone_service_launcher.e
@@ -76,7 +76,7 @@ feature {NONE} -- Initialization
 
 				verbose := opts.option_boolean_value ("verbose", verbose)
 					-- See `{HTTPD_REQUEST_HANDLER_I}.*_verbose_level`
-					
+
 				if opts.has_integer_option ("verbose_level") then
 					verbose_level := opts.option_integer_value ("verbose_level", verbose_level)
 				elseif attached {READABLE_STRING_GENERAL} opts.option ("verbose_level") as s_verbose_level then
@@ -115,11 +115,17 @@ feature {NONE} -- Initialization
 				keep_alive_timeout := opts.option_integer_value ("keep_alive_timeout", keep_alive_timeout)
 				max_keep_alive_requests := opts.option_integer_value ("max_keep_alive_requests", max_keep_alive_requests)
 
-				if 
-					opts.option_boolean_value ("ssl_enabled", ssl_enabled) and then
+				if
+					opts.option_boolean_value ("is_secure", is_secure) and then
+					attached opts.option_string_32_value ("secure_protocol", "tls_1_2") as l_secure_prot
+				then
+					secure_settings := [l_secure_prot, opts.option_string_32_value ("secure_certificate", Void), opts.option_string_32_value ("secure_certificate_key", Void)]
+				elseif
+						-- OBSOLETE: backward compatible with old settings name [oct/2016].
+					opts.option_boolean_value ("ssl_enabled", is_secure) and then
 					attached opts.option_string_32_value ("ssl_protocol", "tls_1_2") as ssl_prot
 				then
-					ssl_settings := [ssl_prot, opts.option_string_32_value ("ssl_ca_crt", Void), opts.option_string_32_value ("ssl_ca_key", Void)]
+					secure_settings := [ssl_prot, opts.option_string_32_value ("ssl_ca_crt", Void), opts.option_string_32_value ("ssl_ca_key", Void)]
 				end
 			end
 
@@ -135,7 +141,7 @@ feature {NONE} -- Initialization
 			-- Set `single_threaded' to True.
 		do
 			max_concurrent_connections := 1
- 		end		
+ 		end
 
 feature -- Execution
 
@@ -143,7 +149,7 @@ feature -- Execution
 		do
 			cfg.set_is_verbose (verbose)
 			cfg.set_verbose_level (verbose_level)
-			cfg.set_ssl_settings (ssl_settings)
+			cfg.set_secure_settings (secure_settings)
 			cfg.set_http_server_name (server_name)
 			cfg.http_server_port := port_number
 			cfg.set_max_concurrent_connections (max_concurrent_connections)
@@ -165,7 +171,7 @@ feature -- Execution
 			debug ("ew_standalone")
 				if verbose then
 					io.error.put_string ("Launching standalone web server on port " + port_number.out)
-					if ssl_enabled then
+					if is_secure then
 						io.error.put_string ("%N https://")
 					else
 						io.error.put_string ("%N http://")
@@ -213,26 +219,36 @@ feature {NONE} -- Implementation
 			-- Help defining the verbosity.
 			-- The higher, the more output.
 
-	ssl_settings: detachable TUPLE [protocol: READABLE_STRING_GENERAL; ca_crt, ca_key: detachable READABLE_STRING_GENERAL]
-
-	ssl_enabled: BOOLEAN
-			-- Is secure server? i.e using SSL?
-		do
-			Result := attached ssl_settings as ssl and then attached ssl.protocol as prot and then not prot.is_whitespace
-		end
-
 	max_concurrent_connections: INTEGER
-	max_tcp_clients: INTEGER
-	socket_timeout: INTEGER
-	socket_recv_timeout: INTEGER
-	keep_alive_timeout: INTEGER	
-	max_keep_alive_requests: INTEGER
 
 	single_threaded: BOOLEAN
 		do
 			Result := max_concurrent_connections = 0
 		end
 
+	max_tcp_clients: INTEGER
+	socket_timeout: INTEGER
+	socket_recv_timeout: INTEGER
+
+	keep_alive_timeout: INTEGER
+	max_keep_alive_requests: INTEGER
+
+	is_secure_connection_supported: BOOLEAN
+			-- Is SSL supported in current compiled system?
+		do
+			Result := {WGI_STANDALONE_CONSTANTS}.is_secure_connection_supported
+		end
+
+	is_secure: BOOLEAN
+			-- Is secure server? i.e using SSL?
+		do
+			Result := attached secure_settings as l_secure_settings and then
+					attached l_secure_settings.protocol as prot and then not prot.is_whitespace
+		end
+
+	secure_settings: detachable TUPLE [protocol: READABLE_STRING_GENERAL; ca_crt, ca_key: detachable READABLE_STRING_GENERAL]
+
+
 feature -- Status report
 
 	connector: WGI_STANDALONE_CONNECTOR [G]
@@ -244,7 +260,7 @@ feature -- Status report
 		end
 
 ;note
-	copyright: "2011-2015, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"
+	copyright: "2011-2016, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"
 	license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
 	source: "[
 			Eiffel Software
diff --git a/library/server/wsf/connector/standalone/wsf_standalone_service_options.e b/library/server/wsf/connector/standalone/wsf_standalone_service_options.e
index d4695845..b537ecf2 100644
--- a/library/server/wsf/connector/standalone/wsf_standalone_service_options.e
+++ b/library/server/wsf/connector/standalone/wsf_standalone_service_options.e
@@ -11,6 +11,14 @@ class
 inherit
 	WSF_SERVICE_LAUNCHER_OPTIONS
 
+feature -- Status report
+
+	is_secure_connection_supported: BOOLEAN
+			-- Is SSL/TLS supported by current compiled system?
+		do
+			Result := {WGI_STANDALONE_CONSTANTS}.is_secure_connection_supported
+		end
+
 feature -- Access: output
 
 	is_verbose: BOOLEAN
@@ -24,40 +32,40 @@ feature -- Access: output
 		do
 			if attached {READABLE_STRING_GENERAL} option ("verbose_level") as l_verbose_level and then l_verbose_level.is_valid_as_string_8 then
 				Result := l_verbose_level.to_string_8
-			end			
+			end
 		end
-		
+
 feature -- Access: connection			
 
-	port: INTEGER
+	port: INTEGER assign set_port
 			-- Listening port number.
 		do
 			Result := option_integer_value ("port", 0)
 		end
 
-	server_name: detachable READABLE_STRING_8
+	server_name: detachable READABLE_STRING_8 assign set_server_name
 			-- Listening only for connection on `server_name' if defined.
 		do
 			if attached {READABLE_STRING_GENERAL} option ("server_name") as l_server_name and then l_server_name.is_valid_as_string_8 then
 				Result := l_server_name.to_string_8
-			end			
+			end
 		end
 
-	base_url: detachable READABLE_STRING_8
+	base_url: detachable READABLE_STRING_8 assign set_base_url
 		do
 			if attached {READABLE_STRING_GENERAL} option ("base") as l_base and then l_base.is_valid_as_string_8 then
 				Result := l_base.to_string_8
-			end			
+			end
 		end
 
-	max_concurrent_connections: INTEGER
+	max_concurrent_connections: INTEGER assign set_max_concurrent_connections
 			-- Maximum of concurrent connections.
 			-- Define the size of the concurrent pool.
 		do
 			Result := option_integer_value ("max_concurrent_connections", 0)
 		end
 
-	max_tcp_clients: INTEGER
+	max_tcp_clients: INTEGER assign set_max_tcp_clients
 			-- Listen on socket for at most `queue' connections.	
 		do
 			Result := option_integer_value ("max_tcp_clients", 0)
@@ -65,7 +73,7 @@ feature -- Access: connection
 
 feature -- Access: network
 
-	socket_timeout: INTEGER
+	socket_timeout: INTEGER assign set_socket_timeout
 			-- Amount of seconds that the server waits for receipts and transmissions during communications.
 			-- note: with timeout of 0, socket can wait for ever.
 			-- By default: {HTTPD_CONFIGURATION_I}.default_socket_timeout seconds, which is appropriate for most situations.
@@ -73,7 +81,7 @@ feature -- Access: network
 			Result := option_integer_value ("socket_timeout", 0)
 		end
 
-	socket_recv_timeout: INTEGER
+	socket_recv_timeout: INTEGER assign set_socket_recv_timeout
 			-- Amount of seconds that the server waits for receiving data during communications.
 			-- note: with timeout of 0, socket can wait for ever.
 			-- By default: {HTTPD_CONFIGURATION_I}.default_socket_recv_timeout seconds.	
@@ -83,7 +91,7 @@ feature -- Access: network
 
 feature -- Access: persistent connection	
 
-	keep_alive_timeout: INTEGER
+	keep_alive_timeout: INTEGER assign set_keep_alive_timeout
 			-- Persistent connection timeout.
 			-- Number of seconds the server waits after a request has been served before it closes the connection.
 			-- Timeout unit in Seconds.
@@ -92,7 +100,7 @@ feature -- Access: persistent connection
 			Result := option_integer_value ("keep_alive_timeout", 0)
 		end
 
-	max_keep_alive_requests: INTEGER
+	max_keep_alive_requests: INTEGER assign set_max_keep_alive_requests
 			-- Maximum number of requests allowed per persistent connection.
 			-- Recommended a high setting.
 			-- To disable KeepAlive, set `max_keep_alive_requests' to 0.
@@ -103,34 +111,34 @@ feature -- Access: persistent connection
 
 feature -- Access: SSL	
 
-	ssl_enabled: BOOLEAN
+	is_secure: BOOLEAN assign set_is_secure
 			 -- Is SSL/TLS session?
 		do
-			Result := option_boolean_value ("ssl_enabled", False)
+			Result := option_boolean_value ("is_secure", False)
 		end
 
-	ssl_protocol: detachable READABLE_STRING_GENERAL
+	secure_protocol: detachable READABLE_STRING_GENERAL assign set_secure_protocol
 			-- SSL protocol name, by default TLS 1.2
 		do
-			if attached {READABLE_STRING_GENERAL} option ("ssl_protocol") as l_prot and then l_prot.is_valid_as_string_8 then
+			if attached {READABLE_STRING_GENERAL} option ("secure_protocol") as l_prot and then l_prot.is_valid_as_string_8 then
 				Result := l_prot.to_string_8
-			end			
+			end
 		end
 
-	ssl_ca_crt: detachable READABLE_STRING_GENERAL
+	secure_certificate: detachable READABLE_STRING_GENERAL assign set_secure_certificate
 			-- Signed certificate.	
 		do
-			if attached {READABLE_STRING_GENERAL} option ("ssl_ca_crt") as l_ssl_ca_crt then
+			if attached {READABLE_STRING_GENERAL} option ("secure_certificate") as l_ssl_ca_crt then
 				Result := l_ssl_ca_crt
-			end			
+			end
 		end
 
-	ssl_ca_key: detachable READABLE_STRING_GENERAL
+	secure_certificate_key: detachable READABLE_STRING_GENERAL assign set_secure_certificate_key
 			-- Private key for the certificate.
 		do
-			if attached {READABLE_STRING_GENERAL} option ("ssl_ca_key") as l_ssl_ca_key then
+			if attached {READABLE_STRING_GENERAL} option ("secure_certificate_key") as l_ssl_ca_key then
 				Result := l_ssl_ca_key
-			end			
+			end
 		end
 
 feature -- Element change
@@ -156,6 +164,11 @@ feature -- Element change
 			set_string_option ("server_name", v)
 		end
 
+	set_base_url (v: detachable READABLE_STRING_8)
+		do
+			set_string_option ("base_url", v)
+		end
+
 	set_max_tcp_clients (v: like max_tcp_clients)
 			-- Set `max_tcp_clients' with `v'.
 		do
@@ -192,60 +205,69 @@ feature -- Element change
 			set_numeric_option ("max_keep_alive_requests", nb)
 		end
 
-	set_ssl_enabled (b: BOOLEAN)
+	set_is_secure (b: BOOLEAN)
+			-- Set secured connection enabled to `b'.
+			-- i.e if connection is using SSL/TLS.
 		do
-			set_boolean_option ("ssl_enabled", b)
+			set_boolean_option ("is_secure", b)
 		end
 
-	set_ssl_protocol_to_ssl_2_or_3
+	set_secure_protocol_to_ssl_2_or_3
 			-- Set `ssl_protocol' with `Ssl_23'.
 		do
-			set_ssl_protocol ("ssl_2_3")
+			set_secure_protocol ("ssl_2_3")
 		end
 
-	set_ssl_protocol_to_tls_1_0
+	set_secure_protocol_to_tls_1_0
 			-- Set `ssl_protocol' with `Tls_1_0'.
 		do
-			set_ssl_protocol ("tls_1_0")
+			set_secure_protocol ("tls_1_0")
 		end
 
-	set_ssl_protocol_to_tls_1_1
+	set_secure_protocol_to_tls_1_1
 			-- Set `ssl_protocol' with `Tls_1_1'.
 		do
-			set_ssl_protocol ("tls_1_1")
+			set_secure_protocol ("tls_1_1")
 		end
 
-	set_ssl_protocol_to_tls_1_2
+	set_secure_protocol_to_tls_1_2
 			-- Set `ssl_protocol' with `Tls_1_2'.
 		do
-			set_ssl_protocol ("tls_1_2")
+			set_secure_protocol ("tls_1_2")
 		end
 
-	set_ssl_protocol_to_dtls_1_0
+	set_secure_protocol_to_dtls_1_0
 			-- Set `ssl_protocol' with `Dtls_1_0'.
 		do
-			set_ssl_protocol ("dtls_1_0")
+			set_secure_protocol ("dtls_1_0")
 		end
 
-	set_ssl_protocol (a_prot: detachable READABLE_STRING_GENERAL)
-			-- Set `ssl_protocol' with `a_version'
+	set_secure_protocol (a_prot: detachable READABLE_STRING_GENERAL)
+			-- Set `secure_protocol' with `a_version'
 		do
-			set_string_option ("ssl_protocol", a_prot)
+			set_string_option ("secure_protocol", a_prot)
 		end
 
-	set_ssl_ca_crt (a_value: detachable READABLE_STRING_GENERAL)
-			-- Set `ssl_ca_crt' from `a_value'.
+	set_secure_certificate (a_value: detachable READABLE_STRING_GENERAL)
+			-- Set `secure_certificate' from `a_value'.
 		do
-			set_string_option ("ssl_ca_crt", a_value)
+			set_string_option ("secure_certificate", a_value)
 		end
 
-	set_ssl_ca_key (a_value: detachable READABLE_STRING_GENERAL)
-			-- Set `ssl_ca_key' with `a_value'.
+	set_secure_certificate_key (a_value: detachable READABLE_STRING_GENERAL)
+			-- Set `secure_certificate_key' with `a_value'.
 		do
-			set_string_option ("ssl_ca_key", a_value)
+			set_string_option ("secure_certificate_key", a_value)
 		end
 
 note
-	copyright: "2011-2016, Javier Velilla, Jocelyn Fiat and others"
+	copyright: "2011-2016, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"
 	license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
+	source: "[
+			Eiffel Software
+			5949 Hollister Ave., Goleta, CA 93117 USA
+			Telephone 805-685-1006, Fax 805-685-6869
+			Website http://www.eiffel.com
+			Customer support http://support.eiffel.com
+		]"
 end
diff --git a/library/server/wsf/src/service/wsf_service_launcher_options.e b/library/server/wsf/src/service/wsf_service_launcher_options.e
index 1c6310f1..265aad15 100644
--- a/library/server/wsf/src/service/wsf_service_launcher_options.e
+++ b/library/server/wsf/src/service/wsf_service_launcher_options.e
@@ -75,6 +75,12 @@ feature -- Merging
 			end
 		end
 
+	import_ini_file_options (a_filename: READABLE_STRING_GENERAL)
+			-- Import options from ini file `a_filename'.
+		do
+			append_options (create {WSF_SERVICE_LAUNCHER_OPTIONS_FROM_INI}.make_from_file (a_filename))
+		end
+
 feature -- Access
 
 	option (a_name: READABLE_STRING_GENERAL): detachable ANY