WCF SSL secure transfer or large payloads without changing firewall

I need to transfer small amounts of data intermittently from clients to our server in a secure fash开发者_Python百科ion and pull down large binary files from the server ocassionally. It's important for all this to be reliable. I'm anticipating 100,000 clients. I control both ends, but I want to deliver a solution that doesn't require changing the firewall for the majority of customers. A lag of one or two minutes before the information migrates to the server or comes down seems to be acceptable at this time.

We need to make the connection secure, so was thinking about SSL, but open to suggestions. Basically, what is the best binding to use in this situation so that we have a secure transmission and the system handles the stress and load in a way that works for 95% of clients out of the box (firewalls will not block in majority of firewall configurations).

1. Firewall: you can port sharing to some well known port, or add yourself to exception list if client is using windows firewall

2. Using self signed certificate on net.tcp binding using transport security would be ideal.