SSL for entire website

I heard at one point that it was a resource hog to force https over an entire website. What is the latest on this? What are the potential downfalls of doing this?
LargeFarva asked:
Dave Howe (Software and Hardware Engineer) commented:
That is literally true (although not an issue usually in practical terms). An SSL connection (without SSL acceleration) uses, on average, 3x the resources (CPU & memory mostly) as a plain HTTP connection.

However, that is usually a drop in the ocean compared to overheads due to other resources such as database or executable code (the cached dot-net assemblies for ASP.NET, for example, are huge, bloated resource hogs that dwarf connection space by an order of magnitude) unless you are running under such a load ratio that there is a queue of connections waiting for a worker thread.

I would suggest a policy of suck-it-and-see - if you turn it on, and load increases to an amount unacceptable for the load profile, then look at offloading the SSL to a frontend box.

Otherwise, just let it run, as sales of SSL acceleration for the real world are near-nonexistent these days (the warnings mostly come from an era of poor CPU resource, when handling 2048-bit RSA was a significant load) *except for* large hosting farms, where that CPU is a shared resource that can be more profitably sold to customers if dedicated SSL hardware is used to remove that load from the CPU.
Question has a verified solution.