I've been playing with ethernet modules and sending some data on my server via HTTP POST request from my STM32F103 board. I'm currently using USR K6 module communicating via UART with AT commands. And it works. I borrowed it to my friend, who is a security freak, and he told me his home server only exclusively accepts HTTPS and of course, my little gadget doesn't work for him. He also said he doesn't want to accept plain HTTP since it's a security hazard.
Now, he is always overreacting in regard of internet security. His passwords are kilometer long passwords...
What worries me is that he told me that internet hosting companies will soon begin to stop supporting plain HTTP and that my module won't work on my website anymore. Is that true? I've asked my web hosting company but their response always takes days.
Second question is: for IoT, is HTTP instead HTTPS really that bad? From what I've read most of IoT doesn't support HTTPS because of their memory and processing power. Is it really worth to raise cost and complexity 5 times only to support HTTPS?
Third question: I found only one ethernet module which supports HTTPS and it's this one
https://www.eztcp.com/en/products/cse-m53g, which is sold on only 2 web pages on the internet and it costs about 40-45 euros, which is about 5 times what my current module costa and about 20 times what my other module W5500 costs. Is there any good and cheaper solution for implementing HTTPS in my embedded product?