Is there a reason that we are continuing to use the com.sun.net.ssl classes for SSL? The javax.net.ssl classes are in JSSE 1.0.3_03 at least, and it would mean that we could have a clean compile if we moved to the non-deprecated classes.
Don't know off-hand, thought I suspect backwards compatibility. I'd be +1 on switching to the javax classes in HEAD.