Description: TLS has exactly one performance problem: it is not used widely enough. Everything else can be optimized.
Data delivered over an unencrypted channel is insecure, untrustworthy, and trivially intercepted. We owe it to our users to protect the security, privacy, and integrity of their data — all data must be encrypted while in flight and at rest. Historically, concerns over performance have been the common excuse to avoid these obligations, but today that is a false dichotomy. Let's dispel some myths.
The process of establishing and communicating over an encrypted channel introduces additional computational costs. First, there is the asymmetric (public key) encryption used during the TLS handshake. Then, once a shared secret is established, symmetric encryption takes over.
# upgrade to latest $> openssl version OpenSSL 1.1.1a 20 Nov 2018 # run benchmarks $> openssl speed sha $> openssl speed ecdh Good news is, modern hardware has made great improvements to help minimize these costs, and what once may have required additional hardware can now be done efficiently by the CPU.
Why No HTTPS? The World's Largest Websites Not Redirecting Insecure Requests to HTTPS
Does my site need HTTPS?
Faut-il HTTPS sur mon site ?
Why No HTTPS? The World's Largest Websites Not Redirecting Insecure Requests to HTTPS