The biggest problems I personally have with switching to HTTPS only for my sites:
1. I simply don't have enough IPv4 addresses to put each SSL site on its own IP address, IPv6, sure, bring it on ... but generally if someone has IPv6 connectivity, then they have SNI (see 3)
2. I don't have the money to get a certificate with X amount of domains on it
3. SNI is still not a good idea simply because there exist still a lot of Windows XP clients that are unable to use it.
I am not too worried about the extra CPU cycles for the encryption decryption of connections...
Currently on my sites I don't have any reason to use SSL, other than that I would like to protect certain resources such that my account username/password for my personal blog don't go across the ether in plain-text. For that I currently use self-signed SSL certs from a personal root that I can trust in the computers I want to trust them in.
Single domain SSL certificates don't cost a lot of money or are even free[1] which are ideal for small/personal websites. Won't solve the three problems you listed, but saves you the trouble of installing your own personal root across your devices.
[1] StartSSL.com offers free 1 year single domain certificates.
HTTP and HTTPS are served on different ports so using a single IP for both typically isn't an issue. The issue here is that HTTP allows you to host multiple sites from one IP address, whereas HTTPS can only deliver a single certificate per IP address. This requires 1 IP per SSLed hostname. SNI lets you send multiple certificates on one IP, but client support isn't good enough yet. Multi-name certificates work better but can be more expensive.
If it's the "some corporations require IE6" argument, then it sounds like it's a business, and should be able to charge for the extra IP needed. But maybe I'm just horribly modern.
Anything using Microsoft's built-in crypto support, will still not work, I have a .NET based application I am supporting on Windows XP which still doesn't support SNI.
Also, my sites that I would want to enable would be public sites ... ones that I don't charge for since they are mostly public sites (but I still want to protect credentials for people posting comments and the like). So charging for an extra IP is simply not an option.
You don't understand, its not the web-server, it is the client's browser that is the issue. Until SNI came out, the handshake was made and validity of the key determined even before the "Host: xyz.com" header was sent in. Without the host header your webserver can't determine which key among the multiple sites it hosts should be used for authentication. The only way so far to support non-modern browsers and to host multiple SSL sites on the same server is to assign one IP per site; the server can use these IP's to lookup the respective keys.
You don't have to have SNI to host multiple unrelated SSL'd sites on one IP, given a Subject Alternate Name (SAN) cert and an httpd that accepts such a configuration.
1. I simply don't have enough IPv4 addresses to put each SSL site on its own IP address, IPv6, sure, bring it on ... but generally if someone has IPv6 connectivity, then they have SNI (see 3)
2. I don't have the money to get a certificate with X amount of domains on it
3. SNI is still not a good idea simply because there exist still a lot of Windows XP clients that are unable to use it.
I am not too worried about the extra CPU cycles for the encryption decryption of connections...
Currently on my sites I don't have any reason to use SSL, other than that I would like to protect certain resources such that my account username/password for my personal blog don't go across the ether in plain-text. For that I currently use self-signed SSL certs from a personal root that I can trust in the computers I want to trust them in.