Why is the more secure HTTPS protocol not fully adopted on the nternet earlier


in mid March 2015, Baidu launched HTTPS security encryption service station, this is not a small boost to the popularity of HTTPS, but has been very secure HTTPS protocol did not early on the Internet by 2011? Know the netizen gives the following answer:


SSL certificate needs money. The more powerful the certificate fee. Personal sites, small sites are generally not necessary.


SSL certificate typically requires binding to IP, and cannot bind multiple domains on the same IP. IPv4 resources cannot support this consumption. SSL extension can be part of the solution to this problem, but more trouble, but also requires browser, operating system support. Windows XP does not support this expansion, taking into account the installed capacity of XP, this feature is almost useless.


HTTPS connection cache is not as efficient as HTTP, large traffic sites such as unnecessary and will not be used. Flow cost is too high.

HTTPS server connection to take up a lot of resources, to support a little more than the site needs to invest a greater cost. If all of the HTTPS is used, the average cost of VPS based on the assumption that most of the computing resources are idle will go up.

HTTPS handshake phase is relatively time-consuming, the site has a negative impact on the corresponding speed. If necessary, there is no reason to sacrifice the user experience.

the most critical, SSL certificate credit chain system is not safe. Especially in some countries (ahem, you know) can control the CA root certificate under the condition of man in the middle attack as possible.

in addition, the client is implanted numerous backdoors, Trojan, HTTPS connection is very limited role. Perhaps this is not like Alipay PayPal so easy to use one of the reasons.

Leave a Reply

Your email address will not be published. Required fields are marked *