That makes no sense to me. The groupwise retain plugin simply opens the retain website from within the groupwise client, while passing on the groupwise credentials to it. What in this process does not work?
Also, Retain runs in recent Tomcat and/or Apache versions, but SSL has to be all manually enabled (by default retains runs unencrypted). So it surely supports anything you like (or configure) in terms of TLS in either Tomcat or Apache.