Thanks for the response. Yes I have:
In my permissions (along with other stuff). I currently have the Facebook SDK logging in via a native JNI call, so the Android side should be fine hitting HTTPS itself.
It’s just the cocos2dx side calling my HTTPS backend using CCHttpClient. It is returning a status code of –1 under Android, the same as it was with iOS until I rebuilt curl with SSL support (now 200).