What is the overhead of using HTTPS compared to HTTP?

Question

What is the overhead of using HTTPS compared to HTTP?

I read this blog ( http://googlepublicpolicy.blogspot.com/2009/06/https-security-for-web-applications.html ) posted by Google without enabling HTTPS for gmail by default. One paragraph reads as shown below.

If there are negative consequences for the user or is otherwise impractical, we intend to enable HTTPS by default more widely, I hope for all Gmail users. We are also looking at how to make this work best for other applications, including Google Docs and Google Calendar (we also offer free HTTPS for these applications).

I did not understand what could be the negative consequences of switching to HTTPS. Is there benchmarking done over HTTP and HTTPS?

I feel that https actually includes some additional protocol messages and data encryption. Could these problems make sure that the default SSL browser code is loaded, etc.

Thank. Bala

+1

security networking

Boolean Dec 12 '09 at 4:57

source share

3 answers

https . , , , .

, 128- SSL ( ), - .

- SSL, - : - .

, .

+2

warren 14 . '09 15:40

HTTPS , , , . . , .

Typically, on servers with high HTTPS requirements, there is a restriction on which sections of the site use SSL or there are encryption cards that download the encryption process.

0

monksy Dec 12 '09 at 5:02

source share

Tom Hawtin - tackline · Accepted Answer · 2009-12-12T05:25:07+0000

The main cost of https is usually a key exchange at the beginning of a session, which is intense. Accelerated acceleration is available for this. If it is an EV certificate, it also needs revocation verification. Actual stream encryption is relatively cheap. Sun Niagara II has "zero service" encryption, which uses spare FPU cycles to perform processing.

What is the overhead of using HTTPS compared to HTTP?

More articles: