XML-RPC uses HTTP. However, a common variation of the protocol substitutes
HTTPS, which uses SSL to encrypt the connections so that people can't snoop on
them and clients and servers can't impersonate others.
Xmlrpc-c provides facilities for building a client that uses HTTPS, using
the HTTPS facilities of the Curl library.
Xmlrpc-c's Abyss-based server facilities can do HTTPS. The function is
based on the OpenSSL library, and you provide all of the SSL-related parameters
via an SSL_CTX object that you set up using calls to OpenSSL.
This code is new, and is not yet documented, so if you want to use it,
you'll have to look at header files, in particular
xmlrpc-c/abyss_openssl.h (the C interface) and
xmlrpc-c/AbyssChanSwitchOpenSsl.hpp (the C++ interface). Because
you supply all the paramters via an SSL_CTX object, there really isn't much
you need to know from the Xmlrpc-c side. Of course, the OpenSSL side is
extremely difficult - you have to juggle the certificate, keys, parameter
files, ciphers, etc. and make numerous calls to the OpenSSL library. There
are building working examples in the examples directory of the Xmlrpc-c
source tree. See ssl_server and ssl_secure_server.
You can also exploit lower level server facilities (method registry,
XML-RPC call parsing, etc.) in Xmlrpc-c while handling the HTTPS part in your
own code (instead of using Abyss).
Another option is to use stunnel. That is a program, not associated
with Xmlrpc-c, that relays between an SSL port and a non-SSL port. You can
set up a stunnel server that makes available to the world an
SSL-XML-RPC port. That server connects via regular HTTP, so regular XML-RPC,
to an Xmlrpc-c Abyss server. The stunnel server relays traffic between
the two. For this to work, you have to make sure nobody untrusted can connect
directly to the Abyss server, such as with a firewall at the TCP/IP level.
You can actually use stunnel on the client side as well, to connect
a non-SSL-aware client to an SSL server. That is not as useful with
Xmlrpc-c because it provides SSL-aware clients, but it might be easier than
using XML-RPC SSL facilities in some applications.