I guess it depends on what you're writing, but I say allow the user to install and use the module without SSL. The LWP module works just fine for http without https support. Strongly advise them of the security and need to use SSL in your docs and even during the install and module complilation, but don't prevent them from using your perfectly good module just because they really should use SSL. There are too many political aspects to encryption code to require it. Maybe they'll just pipe your module over an SSH tunnel or VPN and have encryption.