* Add ssl_key and ssl_certificate options, default to /dev/null and do nothing * Use global connection stanza instead of individual entries per provisioner. Less code duplication.