: Cost of using SSL I am wondering on the cost of using SSL sitewide. It would be for a standard LAMP site. I know that this will be dependent on the many factors but, can some give me an

@Ogunnowo487

The most well-known case study on SSL deployment costs is Gmail's switch over to all-SSL for all requests. Adam Langley, Nagendra Modadugu and Wan-Teh Chang gave a talk on this at Velocity 2010, which Langley later did a write-up on on his blog.

According to the people at Google, the argument that SSL deployment has to be very costly for large sites has been made obsolete by modern hardware (faster processors, crypto instruction sets like AES-NI & CLMUL, and other hardware SSL acceleration technologies). Google was able to switch over to all HTTPS for Gmail without provisioning additional servers or adding any new hardware:


In January this year (2010), Gmail switched to using HTTPS for
everything by default. Previously it had been introduced as an option,
but now all of our users use HTTPS to secure their email between their
browsers and Google, all the time. In order to do this we had to
deploy no additional machines and no special hardware. On our
production frontend machines, SSL/TLS accounts for less than 1% of the
CPU load, less than 10KB of memory per connection and less than 2% of
network overhead. Many people believe that SSL takes a lot of CPU time
and we hope the above numbers (public for the first time) will help to
dispel that.

If you stop reading now you only need to remember one thing: SSL/TLS
is not computationally expensive any more.


It's safe to say that hardware technology has advanced even further since then, making SSL even cheaper to implement today than when this article was first written (given the right setup and optimizations, which Langley's Overclocking SSL writeup outlines).

Vote Up Vote Down