[wmf]

The article seems to contradict this: "An abbreviated handshake saves the server performing an RSA operation, but those are cheap anyway." Given that they are performing aggressive session caching, perhaps that 1% is mostly symmetric crypto.

[illumin8]

The problem is that even if you cache sessions, you still have to do the math to encrypt every packet. Encryption cost is a cube of key size. Please, contradict me. If you can, many cryptographers and mathematicians will thank you... :-)

Say what you will, but the difficulty of brute-forcing decryption is based on key length. You might be able to optimize the encryption using a certain length, but the key will still be vulnerable if it is only 1024 bit (as the article suggests).

[lmz]

For SSL, aren't the individual packets encrypted with a symmetric cypher e.g. AES, RC4, 3DES, etc?

[caf]

Yes, the data stream is encrypted using a symmetric cipher, as the linked article says. The overhead of this is trivial.

It's the key exchange at the start of a session that requires the server to perform expensive RSA operations, which is why session caching helps.