Mark,

On 8/4/14, 11:34 AM, Mark H. Wood wrote:
> On Fri, Aug 01, 2014 at 07:54:03PM -0400, David Kerber wrote:
>> On 8/1/2014 6:06 PM, James H. H. Lampert wrote:
>>>>> Why would you want to do that? Other than a few extra
>>>>> server CPU cycles, what's the harm in allowing SSL anywhere
>>>>> at the client's discretion?
>>>
>>> I'm with Chuck on that one.
>>>
>>>> From the docs:
>>>>
>>>> Also, while the SSL protocol was designed to be as efficient
>>>> as securely possible, encryption/decryption is a
>>>> computationally expensive process from a performance
>>>> standpoint.
>>>
>>> Well, I'll say that I find it rather irritating, when on my
>>> dial-up (YES, DIAL-UP) at home, that Google unilaterally
>>> insists on HTTPS unless you're signed on, and explicitly opt
>>> out of it.
>>>
>>> But then again, there are a LOT of web sites that are
>>> immensely bandwidth-intensive, and actively hostile to older
>>> browsers (that may nonetheless be the newest browsers available
>>> for a given combination of hardware and OS), all for no good
>>> reason (other than adware and spyware), and SSL is only a small
>>> part of that unnecessary waste of bandwidth.
>>>
>>> But that said, I think that when there's no overriding security
>>> reason to require SSL, and no overriding bandwidth limitation
>>> reason to prohibit it, it should be the user's call on whether
>>> to use HTTP or HTTPS.
>>
>> I don't think the problem is so much bandwidth as it is server
>> CPU. Encryption and decryption are very cpu-intensive tasks.
>
> Negotiating the session key is expensive, but it happens once per
> short session, and at long intervals for a long session. Most of
> the session uses symmetric encryption, which is far, far cheaper.

+1

Encryption is more expensive than /not/ encrypting, but it's much harder on the server (many connections) than it is on the client (single-digit).
Since these days, everyone is disabling compression for SSL, the biggest problem for a dial-up connection for SSL would be the increased payload size.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org