Index: src/wp-includes/post.php
===================================================================
--- src/wp-includes/post.php	(revision 30004)
+++ src/wp-includes/post.php	(working copy)
@@ -4941,6 +4941,7 @@
 		}
 	}

+
 	/*
 	 * If any of the above options failed, Fallback on the GUID as used pre-2.7,
 	 * not recommended to rely upon this.
@@ -4950,6 +4951,15 @@
 	}

 	/**
+	 * URLs should use HTTPS scheme if using SSL to avoid insecure content errors. Issue #15928.
+	 */
+	if ( is_ssl() || ( is_admin() && force_ssl_admin() ) ) {
+		$url = set_url_scheme( $url, 'https');
+	}
+
+	return $url;
+
+	/**
 	 * Filter the attachment URL.
 	 *
 	 * @since 2.1.0
Index: tests/phpunit/tests/post/attachments.php
===================================================================
--- tests/phpunit/tests/post/attachments.php	(revision 30160)
+++ tests/phpunit/tests/post/attachments.php	(working copy)
@@ -278,4 +278,46 @@
 		$this->assertEquals( $attachment->post_parent, $post_id );
 	}

+	/**
+	 * @ticket 15928
+	 */
+	function test_wp_get_attachment_url_ssl() {
+		$filename = ( DIR_TESTDATA . '/images/test-image.jpg' );
+		$contents = file_get_contents( $filename );
+
+		$upload = wp_upload_bits( basename( $filename ), null, $contents );
+		$this->assertTrue( empty( $upload['error'] ) );
+
+		// Set attachment ID
+		$attachment_id = $this->_make_attachment( $upload );
+
+		// Remember initial settings
+		$force_ssl_admin = force_ssl_admin();
+
+		// Force SSL in the admin
+		force_ssl_admin( true );
+
+		// Should return scheme HTTPS in admin when SSL forced
+		set_current_screen( 'dashboard' );
+		$url = wp_get_attachment_url( $attachment_id );
+		$this->assertEquals( $url, set_url_scheme( $url, 'https' ) );
+
+		// Test non-admin pages
+		set_current_screen( 'front' );
+
+		// Return scheme HTTP from front when not using SSL
+		$_SERVER['HTTPS'] = 'off';
+		$attachment_url = wp_get_attachment_url( $attachment_id );
+		$this->assertEquals( $attachment_url, set_url_scheme( $attachment_url, 'http' ) );
+
+		// Return scheme HTTPS from front when using SSL
+		$_SERVER['HTTPS'] = 'on';
+		$attachment_url = wp_get_attachment_url( $attachment_id );
+		$this->assertEquals( $attachment_url, set_url_scheme( $attachment_url, 'https' ) );
+
+
+		// cleanup
+		force_ssl_admin( $force_ssl_admin );
+	}
+
 }