Which is the protocol used in the transport layer in case of web services like e-commerce?
Yes, SSL is still used. However, newer protocol is also now used which is called “TLS”. It is almost the same as SSL but it adds one more “unsecured handshake” step before exchanging cipher suite information. I am not sure which “overhead” you are referring to. There is nothing in the protocol that does not need to be there. In fact, I dare say that the overhead of encryption is negligible. This is because when you are sending information over the wire, you are doing I/O. This is always very expensive, time-wise. But where you are encrypting data, it is lightning fast (coz it is done locally on your CPU), especially if they are TCP packats, which are individually small enough to be encrypted very, very fast indeed. So you may previously take lets say 100 seconds to send a file but with adding SSL you may take 103 seconds for e.g. Not much difference.
