HTTPS can be significantly faster than HTTP

Some technologies designed to make websites faster only work with HTTPS. One example is a protocol enhancement known as HTTP/2. Take the HTTP versus HTTPS test to see this in action (see https://www.httpvshttps.com/ for details).

When I first saw research showing HTTPS to be faster, I admit I was skeptical. I saw how much time the encryption adds in network waterfalls. Fortunately, the folks managing browsers and network stacks have done us a solid and smoothed out many of the issues that cause SSL to be slower than non-SSL, as illustrated in the following quote from Adam Langley at Google:

Because HTTP/2 multiplexes requests through a single connection, there is only one TLS handshake that must be completed. This reduces the time to retrieve assets and server load. Now the client and the server only need to perform a single handshake and encryption cycle.

The goal of HTTP/2 is to improve performance by undoing the shortcomings of the HTTP/1.1 specification. HTTP/2 eliminates connections by multiplexing responses, compressing headers, prioritizing responses, and allowing server-side push, as shown in the following image:

All browsers support HTTP/2 and most servers do as well. Windows 2016 was the last major operating system to ship HTTP/2 support. Since it is relatively new, there are not many production deployments online.

HTTP/2 does not change any of the HTTP semantics. Status codes, verbs, and other such phrases are things we have used for years, and thus will not break existing applications.

The de facto implementation that standard browsers are enforcing is HTTP/2 over TLS. While you could technically use HTTP/2 without TLS, browsers do not allow this approach.

The combination of the single connection and TLS handshake in concert with the other performance benefits that HTTP/2 offers mean that TLS is consistently faster than HTTP.