Originally Posted by serothis
It's trivial for small things that aren't schedule sensitive (and depending on method of encryption). So for your normal webpages, sure, the difference will be negligible. Imagine encrypting Netflix or Skype. And if they wanted to extend it to all network use (games included) that might cause lots of issues with delays. It would also be heavily impacted by local hardware. You for example have a 4770k, which is new and top of the line, and I believe Haswell was supposed to be very good at encryption. But consider the general public that might be running on 5+ year old machines.
CPU encryption only matters if the software leverages the extensions. 256-bit encryption is totally trivial. I have a firewall at home (and a couple of clients that have the same set-up) that has an Atom in it, running multiple IPSec VPN tunnels with AES-256 for Phase 1 and Phase 2, and it has no problem maxing out the 50Mbps internet connection on those tunnels.
And when I say no problem, it hardly goes above 3% utilization during traffic (with IPS/IDS disabled, of course).
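To put a number on the "is AES-256 a burden for this CPU" question, here is an added example (not code from either poster) that seals constructed 1400-byte packets with AES-256-GCM the way a VPN gateway would, measures the rate, and works out what share of that rate a 50 Mbps link would consume. Go's standard `crypto/aes` picks up the CPU's AES instructions automatically when they exist, which is the "software leverages the extensions" condition; run it on an old box without them and the figure drops accordingly. The all-zero key and the packet size are assumptions for the benchmark only.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
	"time"
)

// ThroughputResult holds the figures for one encryption run.
type ThroughputResult struct {
	Bytes    int           // plaintext bytes encrypted
	Elapsed  time.Duration // wall-clock time for the loop
	MBPerSec float64       // plaintext megabytes (1e6 bytes) per second
}

// newAES256GCM builds an AES-256-GCM AEAD from a 32-byte key.
// crypto/aes uses AES-NI (or the ARM equivalent) when the CPU has it.
func newAES256GCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptThroughput encrypts totalBytes of constructed all-zero data in
// packetSize chunks, one Seal per packet like a VPN gateway, and returns
// the measured rate. The nonce is a per-packet counter so none repeats.
func EncryptThroughput(key []byte, totalBytes, packetSize int) (ThroughputResult, error) {
	aead, err := newAES256GCM(key)
	if err != nil {
		return ThroughputResult{}, err
	}
	plain := make([]byte, packetSize)       // constructed payload, not real traffic
	nonce := make([]byte, aead.NonceSize()) // 12 bytes for GCM
	out := make([]byte, 0, packetSize+aead.Overhead())
	start := time.Now()
	done := 0
	for done < totalBytes {
		binary.BigEndian.PutUint64(nonce[4:], uint64(done)) // unique within this loop
		out = aead.Seal(out[:0], nonce, plain, nil)
		done += packetSize
	}
	elapsed := time.Since(start)
	if elapsed <= 0 { // guard against a zero reading on a coarse clock
		elapsed = time.Nanosecond
	}
	return ThroughputResult{
		Bytes:    done,
		Elapsed:  elapsed,
		MBPerSec: float64(done) / 1e6 / elapsed.Seconds(),
	}, nil
}

// RoundTrip seals and reopens one message to confirm the AEAD is wired correctly.
func RoundTrip(key, plaintext []byte) ([]byte, error) {
	aead, err := newAES256GCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // fixed nonce: single-use demo key only
	sealed := aead.Seal(nil, nonce, plaintext, nil)
	return aead.Open(nil, nonce, sealed, nil)
}

// LinkUtilizationPercent: how much of the measured crypto capacity a link of
// linkMbps would need if every byte on it were encrypted at this rate.
func LinkUtilizationPercent(r ThroughputResult, linkMbps float64) float64 {
	return linkMbps / 8 * 100 / r.MBPerSec // megabits -> megabytes, then as a percentage
}

func main() {
	key := make([]byte, 32) // demo key, all zeros: never use outside a benchmark
	res, err := EncryptThroughput(key, 64<<20, 1400) // 64 MiB in 1400-byte packets
	if err != nil {
		panic(err)
	}
	fmt.Printf("AES-256-GCM: %d bytes in %v = %.1f MB/s\n", res.Bytes, res.Elapsed, res.MBPerSec)
	fmt.Printf("crypto capacity needed to fill a 50 Mbps link: %.2f%%\n", LinkUtilizationPercent(res, 50))
}
```

The percentage is a single-core, encryption-only estimate; a real gateway also spends cycles on packet handling, and any IPS/IDS in the path costs far more than the cipher does.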
Originally Posted by PappaSmurfsHarem
I'm more worried about load balancers, F5s, etc.
It's reasonably safe to assume most web servers/services are behind a load balancer. They have to decrypt all the data and send the decrypted packets to the servers, then re-encrypt to send back to the client.
They are designed to do this, but when all traffic is required to be encrypted/decrypted 100% of the time, that's going to be a lot of load on the devices.
TCP/UDP headers are often not encrypted, but the data within them is. Otherwise routers would have to decrypt/encrypt every SSL packet to route them, which isn't practical.
It won't stop people from figuring out what IPs are connected to what services, but the contents of the data will be better protected.
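The split described above (headers in clear so routers can forward, application data opaque) is easy to see on the wire. Below is an added example, not code from any poster here, that constructs a minimal IPv4 + TCP packet carrying either a plain HTTP request or the same request inside a TLS application_data record whose body is AES-256-GCM ciphertext, then parses it the way an on-path device would, without the key. The addresses (TEST-NET ranges), ports, request text and zero key are constructed for the demo; checksums are left zero and the TLS record header is hand-built rather than produced by a real handshake.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// Observed is what a router or any on-path device can read without the session key.
type Observed struct {
	SrcIP, DstIP     string
	SrcPort, DstPort uint16
	TLSRecord        bool // payload starts with a TLS record header (type 23, version 3.x)
	TLSLen           int  // ciphertext length advertised by that header
	PayloadReadable  bool // payload passes a crude "looks like text" check
}

// BuildPacket constructs IPv4 + TCP headers (no options, checksums zero) around appData.
// encrypt=true wraps AES-256-GCM ciphertext in a TLS application_data record;
// encrypt=false sends the bytes as-is. Constructed sample, not a capture.
func BuildPacket(key []byte, src, dst net.IP, sport, dport uint16, appData []byte, encrypt bool) ([]byte, error) {
	payload := appData
	if encrypt {
		block, err := aes.NewCipher(key)
		if err != nil {
			return nil, err
		}
		aead, err := cipher.NewGCM(block)
		if err != nil {
			return nil, err
		}
		nonce := make([]byte, aead.NonceSize()) // zero nonce: acceptable only for this one-record demo
		ct := aead.Seal(nil, nonce, appData, nil)
		rec := make([]byte, 5, 5+len(ct))
		rec[0], rec[1], rec[2] = 23, 3, 3 // application_data, record version 3.3
		binary.BigEndian.PutUint16(rec[3:], uint16(len(ct)))
		payload = append(rec, ct...)
	}
	tcp := make([]byte, 20)
	binary.BigEndian.PutUint16(tcp[0:], sport)
	binary.BigEndian.PutUint16(tcp[2:], dport)
	tcp[12] = 5 << 4 // data offset: 5 words
	tcp[13] = 0x18   // PSH|ACK
	ip := make([]byte, 20)
	ip[0] = 0x45 // version 4, IHL 5
	binary.BigEndian.PutUint16(ip[2:], uint16(40+len(payload)))
	ip[8], ip[9] = 64, 6 // TTL, protocol TCP
	copy(ip[12:16], src.To4())
	copy(ip[16:20], dst.To4())
	return append(append(ip, tcp...), payload...), nil
}

// Inspect parses only what an on-path device can see; it never touches a key.
func Inspect(pkt []byte) (Observed, error) {
	if len(pkt) < 40 || pkt[0]>>4 != 4 {
		return Observed{}, errors.New("not an IPv4 packet")
	}
	if pkt[9] != 6 {
		return Observed{}, errors.New("not TCP")
	}
	tcp := pkt[int(pkt[0]&0x0f)*4:]
	doff := int(tcp[12]>>4) * 4
	if len(tcp) < doff {
		return Observed{}, errors.New("truncated TCP header")
	}
	payload := tcp[doff:]
	o := Observed{
		SrcIP:   net.IP(pkt[12:16]).String(),
		DstIP:   net.IP(pkt[16:20]).String(),
		SrcPort: binary.BigEndian.Uint16(tcp[0:2]),
		DstPort: binary.BigEndian.Uint16(tcp[2:4]),
	}
	if len(payload) >= 5 && payload[0] == 23 && payload[1] == 3 {
		o.TLSRecord = true
		o.TLSLen = int(binary.BigEndian.Uint16(payload[3:5]))
		o.PayloadReadable = looksLikeText(payload[5:])
	} else {
		o.PayloadReadable = looksLikeText(payload)
	}
	return o, nil
}

// looksLikeText: mostly printable ASCII. AES-GCM output is indistinguishable
// from random bytes and fails this check.
func looksLikeText(b []byte) bool {
	printable := 0
	for _, c := range b {
		if c == '\n' || c == '\r' || c == '\t' || (c >= 0x20 && c <= 0x7e) {
			printable++
		}
	}
	return len(b) > 0 && printable*100/len(b) >= 95
}

func main() {
	key := make([]byte, 32) // demo key only
	req := []byte("GET /account HTTP/1.1\r\nHost: shop.example\r\n\r\n")
	for _, enc := range []bool{false, true} {
		pkt, err := BuildPacket(key, net.IPv4(10, 0, 0, 7), net.IPv4(198, 51, 100, 10), 51234, 443, req, enc)
		if err != nil {
			panic(err)
		}
		o, _ := Inspect(pkt)
		fmt.Printf("encrypted=%-5v %s:%d -> %s:%d tls=%-5v readable=%v\n",
			enc, o.SrcIP, o.SrcPort, o.DstIP, o.DstPort, o.TLSRecord, o.PayloadReadable)
	}
}
```

Both runs print the same addresses and ports, which is exactly what the post means by "won't stop people figuring out what IPs are connected to what services"; only the readable flag flips once the payload is ciphertext.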