Advantages: SEO. Google adjusted its search engine algorithm in August 2014 and said that "compared with the same HTTP website, the website using HTTPS encryption will rank higher in the search results". Security. Although HTTPS is not absolutely secure, organizations that master root certificates and encryption algorithms can also carry out man in the middle attacks. However, HTTPS is still the most secure solution under the current architecture, which has the following advantages:
1. Use HTTPS protocol to authenticate users and servers and ensure that data is sent to the correct client and server;
2. HTTPS protocol is a network protocol built by SSL+HTTP protocol that can be used for encrypted transmission and identity authentication. It is safer than http protocol, which can prevent data from being stolen and changed during transmission and ensure data integrity.
3. HTTPS is the most secure solution under the current architecture. Although it is not absolutely secure, it greatly increases the cost of man in the middle attacks.
Disadvantages: SEO. According to ACM CoNEXT data, using the HTTPS protocol will extend the page loading time by nearly 50%, and increase the power consumption by 10% to 20%. In addition, the HTTPS protocol will also affect the cache, increase data overhead and power consumption, and even the existing security measures will also be affected. Moreover, the encryption scope of HTTPS protocol is also relatively limited, and it plays little role in hacker attacks, denial of service attacks, server hijacking, etc. Most importantly, the credit chain system of SSL certificates is not secure. Especially when some countries can control the CA root certificate, man in the middle attack is also feasible.
Economic aspects
1. SSL certificates cost money. The more powerful the certificate, the higher the cost. Personal websites and small websites are unnecessary and will not be used generally.
2. SSL certificates usually need to be bound to an IP address. Multiple domain names cannot be bound to the same IP address. IPv4 resources cannot support this consumption. (SSL has an extension that can partially solve this problem, but it is troublesome and requires browser and operating system support. Windows XP does not support this extension. Considering the installed capacity of XP, this feature is almost useless.)
3. HTTPS connection caching is not as efficient as HTTP, and high traffic websites will not use it unless necessary. Traffic costs are too high.
4. HTTPS connection takes up a lot of resources on the server side, and supporting websites with a little more visitors requires a higher cost. If HTTPS is adopted, the average cost of VPS based on the assumption that most computing resources are idle will increase.
5. The handshake phase of HTTPS protocol is time-consuming and has a negative impact on the corresponding speed of the website. If it is unnecessary, there is no reason to sacrifice the user experience.
Attitude of search engines towards HTTPS
Google's attitude
Google's attitude towards the inclusion of HTTPS sites is no different from that of HTTP sites, and even takes "whether to use secure encryption" (HTTPS) as a reference factor in the search ranking algorithm. Websites using HTTPS encryption technology can get more opportunities to display, and ranking is more advantageous than HTTP sites of similar websites. Moreover, Google has made it clear that "we hope all webmasters will use the HTTPS protocol instead of HTTP", which shows its determination to achieve the goal of "HTTPS everywhere".
Baidu's attitude
Although Baidu once said that "it will not actively crawl https pages", it is "bitter" that "many https pages cannot be included". Last September, Baidu published an article on "How to build https sites to be friendly to Baidu", giving four suggestions and specific operations to "improve the Baidu friendliness of https sites".
In addition, the recent event of "Baidu Full Site HTTPS Encryption Search" also highlights Baidu's emphasis on HTTPS encryption again. It can be seen that Baidu does not "dislike" HTTPS sites, so "not actively grabbing" should also be temporary.
Most of the articles on this site are original and used for personal learning records, which may be helpful to you, for reference only!
