Theory: If only the bridged networking works, then a software component on the host OS is messing up the traffic.

Confirmed: Uninstalling the AV software (ESET Smart Security 5) fixed the problem. (I then re-installed the newer version 7, and the problem has not reappeared.)

The "problem" is that using Network Address Translation in Microsoft Virtual PC is firewalling your VM.

Did SSL connections to your VM ever work behind a NAT? It has always been like that with VPC. NAT is a quick and easy way to get Internet access, but it does not give you local networking. Use normal networking and let your vm get its network config the same way as the host OS does. Scroll to the bottom for other workarounds!

Here's a full explanation: The main difference between this and the bridge mode is that the guest is behind the NAT and it does not have a unique identity in the external network. It supports all connections which uses TCP/IP. Connecting using the bridge mode networking requires separate IP Address for the guest, thus in situations where there is a shortage of IP addresses, connecting using NAT is a valuable option. This option should also be used in cases when you don’t want to directly connect to an external network and remain behind this NAT. This acts as a strong firewall which protects the guest from outside attacks.

There are certain limitations while connecting using NAT. If the payload contains the source IP Address, then it may break as the IP address is replaced with the host but the payload will still contain the guest IP address. Also connecting via VPN from inside the guest is not supported. Some VPN requires raw sockets to be opened, which needs admin privileges to successfully open these sockets, whereas WVPC application runs in the user context. Applications using TCP/IP like Internet Browsing, messenger, shared access, etc. will work when connected using NAT. It is recommended to connect using the bridge mode when the guest needs to use VPN, or incoming connections.

Consider using the virtual switch options included in VPC: Use Virtual Switch networking to help you perform advanced networking functions on a Virtual PC guest PC. Networking features and functions that require Virtual Switch networking include the following:

Server software that uses predefined port numbers
Remote logon
Network performance analysis
Remote shells 

When you configure your guest PC Networking settings to use the Virtual Switch option, you have the following routing options:

• Local only. The guest PC does not send or receive information to or from the host PC. The guest PC does not send or receive information over your network. This setting can be useful for testing network protocols.
• Local and host. The guest PC sends and receives information over your network. In this case, the guest PC appears and behaves like any physical computer on your network.
• Local, host and external. This is the default setting. The guest PC can send and receive information on the network by using the network adapter that is configured in the Virtual Switch settings in Virtual PC Preferences. The guest PC can also do this with other guest PCs and with the host PC. In this case, the guest PC appears and behaves like any physical computer on your network, and therefore it can communicate with the host PC.
• External Only. Other guest PCs and the host PC do not receive information directly from the guest PC. Network information is sent and received on the network through the network adapter that is configured in the Virtual Switch settings in Virtual PC Preferences. This setting is useful for testing without affecting your host or your other guests.

To configure Virtual Switch networking options:

• In the Virtual PC window, click the guest PC that you want to configure, and then click Settings.
• Under PC Settings, click Networking.
• Under Networking, click Virtual Switch, click the option that you want to use, and then click OK.