I think Stuart's right. It's not so much the intrinsic overhead of SSL, it's that browsers typically don't cache resources served over https. This has the unfortunate result that linked images, css and javascript are redownloaded everytime. At the same time, browsers complain if you try to link to things like images at http URLs from https pages, with big scary warnings that "some parts of this page may be insecure."
The best solution I know of is to only use https for the login form, because that transmits a password, and let everything else be in the clear.
I think Stuart's right. It's not so much the intrinsic overhead of SSL, it's that browsers typically don't cache resources served over https. This has the unfortunate result that linked images, css and javascript are redownloaded everytime. At the same time, browsers complain if you try to link to things like images at http URLs from https pages, with big scary warnings that "some parts of this page may be insecure."
The best solution I know of is to only use https for the login form, because that transmits a password, and let everything else be in the clear.