SSL: Google vs. F5

Adam Langley, an engineer on Google’s Chrome team, wrote a blog post last summer titled Overclocking SSL. Adam argues that on today’s hardware, SSL connections are not computationally expensive, and showed us some statistics from GMail’s switch to HTTPS by default. He doesn’t go so far as to outright encourage other sites to do the same for their users, but the message is strongly implied. Last week, Lori MacVittie of F5 wrote a blog post (which was at least partially a response to Adam’s post) entitled Dispelling the New SSL Myth, in which she argues that SSL is only inexpensive if you use 1024-bit certificates and easier-to-crack ciphers like RC4.