Two Way Process
A-Symmetric Cryptography
Verify the certificate and do the public crypto.
This is the expensive part. And it is important to optimize the steps:
- Peoplize it - Make a handshake once and use it for the same session
- Session Resumption - reuse the nagotiating parameters from the previous session once we initiate a new one, so we can use that same handshake.
- So we should use HTTP keepAlive (The HTTP Header: Connection: Keep-Alive) to keep the handshake
Symmetric Cryptography
Where and how we encrypt the actual application data.
So how does it affects the traffic load?
Today it is not so expensive. Modern CPUs can handle heavy https traffic loads.
