After introducing HTTPS as an option two years ago, Facebook has now made Hypertext Transfer Protocol Secure (HTTP) default for all users. Scott Renfro, Software Engineer has announced the change in a note on the Facebook Engineering page.
The difference between HTTP and HTTPS browsing is the use of Transport Layer Security that makes the communication between social network's servers and browsers more secure.
Renfro quoted, "Switching to https is more complicated than it might seem. It’s not simply a matter of redirecting from http://www.facebook.com to https://www.facebook.com. We thought it’d be useful to walk through some changes we’ve already made and some improvements that we’re still working on."
Apart from getting into details of the steps social network tool would address, Renfro has also talked about how the conversion to HTTPS will affect performance of Facebook. He said,
"One of the biggest challenges in enabling HTTPS by default is performance. In addition to the network round trips necessary for your browser to talk to Facebook servers, HTTPS adds additional round trips for the handshake to set up the connection. A full handshake requires two additional round trips, while an abbreviated handshake requires just one additional round trip. An abbreviated handshake can only follow a successful full handshake.
For example, if you’re in Vancouver, where a round trip to Facebook’s Prineville, Ore., data center takes 20 milliseconds, then the full handshake only adds about 40 ms, which probably isn’t noticeable. However, if you’re in Jakarta, where a round trip takes 300 ms, a full handshake can add 600 ms. When combined with an already slow connection, this additional latency on every request could be very noticeable and frustrating. Thankfully, we’ve been able to avoid this extra latency in most cases by upgrading our infrastructure and using abbreviated handshakes."
"Turning on HTTPS by default is a dream come true, and something Facebook’s traffic, network, security infrastructure, and security teams have worked on for years. We’re really happy with how much of Facebook’s traffic is now encrypted, and we are even more excited about the future changes we’re preparing to launch," Renfro concluded.Facebook Makes HTTPS Default for All Users!,