On Mon, 5 Sep 2011 13:55:38 +0200, Cédric Girard wrote:
On Mon, Sep 5, 2011 at 1:46 PM, Ray Rashif firstname.lastname@example.org wrote:
it slows down my inherently slow connection (think GPRS/EDGE/2G)
Do you have any figures to support this? I would be interested to see what the impact of HTTPS on the client side is.
Me too. We'd need some numbers to back this argument. I also wonder how many are really affected by having such a slow connection that this would actually matter. I wouldn't be surprised if this number is really low.
I think I already posted all arguments to this thread. So far the only argument against ssl consider valid is decrease of performance. Maybe someone could do some test on this; e.g. check how many bits are transferred using https vs http. Don't forget to take http keep-alive into consideration here. Whatever the outcome of this is, we will most likely spend most of the time in server side processing (sql queries, php). So instead of shutting down ssl we might want to optimize that at first. There are also some things you can tune on web server level (e.g. choosing a faster cipher etc.)
At the time I switched to https only for archlinux.de I did some tests and research. At least I couldn't notice any difference in load time using a quite slow connection.