I have a server which provides a few services through the web, some of those services must be logged into to be able to use them. For these services I have implemented SSL using level 3 CACert certificates from start to end so that the transfer of authentication data and any private information is secure.
My question is: Should I run SSL on absolutely everything? Meaning every site, blog and page that server is providing for. Since I have access to certificates and it doesn't really cost me anything to forward everything to https from http on all sites there is no reasons for me not to do so?
The reason for me asking is that when you go on the web in general, services, pages and whatnot are still using the standard non-encrypted connections which makes me wonder, is there a reason for this?
So far the only real arguments for not doing this that I can think of is the cost of cpu-time to process the extra data and providing entropy which can be limited in times of high utility.
I am looking for pros and cons in doing this.
Cheers.
