In this chapter, I cover a few security points only as they relate to performance. If you are looking for pure security information, try Practical Unix and Internet Security, by Simson Garfinkel and Gene Spafford (O’Reilly & Associates).
Secure HTTP (HTTPS) uses ordinary HTTP over the Secure Sockets Layer (SSL) protocol on port 443 by default. SSL encrypts all traffic, so you can be confident that your content will not be intelligible to anyone snooping Internet packets. In fact, even the HTTP headers and all images will be encrypted. You might think that you can save some server CPU power by not encrypting images (that is, by putting links to a non-SSL image server). However, browsers do not allow unencrypted images on SSL-protected pages.
HTTPS uses public-key encryption just long enough to exchange keys, and then it switches to private-key (symmetric) encryption for better performance. The symmetric session keys are cached by both the client and server so that additional connections to the same site will be faster, at least until the entry expires from the connection cache. ...
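A small model of the key caching described above, added here as an illustration and not taken from the book: an unauthenticated Diffie-Hellman exchange stands in for the SSL public-key step, and `Server`, `Client`, `kdf`, the modulus and the lifetime passed as `ttl` are all assumptions of the example. It is not SSL and not secure; it only shows where the expensive public-key work happens and when the cache lets a connection skip it.

```python
import hashlib
import secrets

# Constructed parameters for the model only (a Mersenne prime is not a safe
# DH modulus); they exist to make the public-key step realistically costly.
P = 2**2203 - 1
G = 3
NBYTES = (P.bit_length() + 7) // 8

def kdf(shared):
    """Derive a 32-byte symmetric session key from the shared secret."""
    return hashlib.sha256(shared.to_bytes(NBYTES, "big")).digest()

class Server:
    def __init__(self, ttl):
        self.ttl = ttl               # seconds a cached session stays valid
        self.cache = {}              # session id -> (key, expiry time)
        self.full_handshakes = 0     # counts the expensive public-key exchanges

    def resume(self, sid, now):
        """Return the cached key if sid is known and unexpired, else None."""
        key, expires = self.cache.get(sid, (None, 0))
        if key is not None and now >= expires:
            del self.cache[sid]      # entry expired: force a full handshake
            key = None
        return key

    def full_handshake(self, client_pub, now):
        priv = secrets.randbelow(P - 2) + 1
        key = kdf(pow(client_pub, priv, P))      # expensive modular exponentiation
        sid = secrets.token_hex(16)
        self.cache[sid] = (key, now + self.ttl)
        self.full_handshakes += 1
        return sid, pow(G, priv, P)

class Client:
    def __init__(self):
        self.sid = self.key = None   # client-side session cache (one server)

    def connect(self, server, now):
        """Return (session key, resumed) for one new connection at time `now`."""
        if self.sid and server.resume(self.sid, now) is not None:
            return self.key, True                # cache hit: no public-key math
        priv = secrets.randbelow(P - 2) + 1
        self.sid, server_pub = server.full_handshake(pow(G, priv, P), now)
        self.key = kdf(pow(server_pub, priv, P))
        return self.key, False
```

For capacity planning, the ratio of `full_handshakes` to total connections is the figure to watch: a cache lifetime that is too short pushes every reconnect back onto the public-key path.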