One showstopper is nsopenssl, which does not work with 4.0 yet. Scott Goodwin is working on it
If you use a ssl-reverse-proxy, aolserver does not need ssl, as only the traffic between the users browser and the reverse-proxy is via https. The proxy can connect to the backend server via http. Both apache and pound support that solution.