HTTPS is the encrypted version of HTTP, and nowadays it is becoming common practice to encrypt all web traffic, not only sensitive traffic.
The drawback of HTTPS, apart from the need to buy expensive certificates and being dependent on a third-party Certification Authority, is the increased CPU load (for the actual encryption) and bandwidth consumption (for additional protocol negotiation).
This overhead is not only a server-side problem; it also shows up as higher latency perceived by the client.
What is the actual overhead in terms of CPU load, bandwidth and latency?
What's the state of the art (in software, hardware and best practices) to reduce this overhead?