You can read all about it in this thread:
[webmasterworld.com...]

Okay thanks. I also found this article but it doesn't seem to say that:

[venturebeat.com...]

It's not a rumor any longer. Just plan for it.

I am not understanding.
Which pages have to be SSL? All pages? Those that request information?
What about if all payments are taken on Paypal? Does the page that links to Paypal have to be SSL?

What if we just "noindex, no follow the pages"? Will this help?

Why is there so little about this if it is imminent?

You know Google is getting on my last nerve. Do they think business owners have nothing better to do than to participate in their own make work projects? They add nothing to the bottom line and so far all the time and energy I have devoted to making my site mobile friendly has not helped the rankings, I am sure this SSL business won't either.

Which pages have to be SSL?

Pages with forms are a must. But all pages should be.

What if we just "noindex, no follow the pages"? Will this help?

No this will not do anything.
If you are not https it is "Chrome" that will display the warning. This has nothing to do with rankings. Indirectly, when users see warnings they probably wont interact with the page so that can negatively impact your rankings in the long run.

If you have a purely informational site with no forms and no exchange of user data you will probably not be impacted by this change. But, in the long run as more and more sites convert to https users will grow accustomed to seeing the green pad lock in their address bar and at some point not showing the pad lock will be seen as negative. So you can make the change now or wait until all you traffic has slowly dwindled and then make the change and hope to regain it.

I agree it is very much the same as mobile/responsive, there was no direct benefit to making the change, no ranking boost, no measurable gain in traffic. When I made the change I saw no difference in traffic. Now 60% of my traffic is from mobile and I have a had a negligible increase in desktop traffic. So was the decision to go mobile a good one, I think so. I am not ready to forgo 60% of my traffic.

We have one http site and one https site. (The latter began life as https and didn't require conversion.)

I plan on converting the http site to https between mid-November and mid-December, which is our slowest time of the year in terms of both traffic and revenue. (Just in case I screw anything up, we'll have less to lose while I'm fixing it.) And I don't expect any benefits from the conversion: It's just something that probably needs to be done because it's becoming the new standard.

When the leap to web (from a host point of view) falls off because of security hoops and loops that stymie new accounts, I suspect host solutions will make HTTPS PART OF THEIR OFFER rather than a tack on. When that happens the web will be encrypted. Until then, the web will be as it is right now. Only those who collect PII (via form or other) will have to either LetsEncrypt or other certificate method to comply with ordinary security for compliance with browsers or banking laws. Could be done now, but that would change basic $25/year hosting solutions to a much larger amount.

I have spent all year getting my 2 sites mobile-friendly and it has been a ton of work. I have seen no improvement in the rankings as a result.

You should see a significant advantage from being mobile-friendly in a few months with the implementation of the
Mobile-First Index [webmasterworld.com] .

Eventually any page not secure will display some type of browser warning. IMO it's actually trickier to only have a couple pages HTTPS and the rest of the site HTTP. Why not just switch them all and be done with it.

Working on the web is about change. The web will continue to change. We all have to do it. Never a dull moment :)

it's actually trickier to only have a couple pages HTTPS and the rest of the site HTTP. Why not just switch them all and be done with it.

Totally agree. If the change causes temporary pain, there is no point dragging it out. And if it is seamless... there's no reason to drag it out.

Even if you only serve information, with no collection, key reasons to change include:
- Potential ranking boost
- Avoid security-conscious page abandonment
- Maximise Analytics and Server log utility

Quoting for emphasis:

This has nothing to do with rankings.

I'm surprised I had to scroll down so much to find someone pointing this out. Rumors like this are harmful.

@hermosa: You (or whoever you got the rumor from) are confusing the search rankings with the Chrome browser. I think we're still quite some time away from HTTP sites being actively demoted in the search results. Obviously, it would still be a good idea to "get with the program", but don't rush it, make sure you get it right -- a faulty implementation of HTTPS can hurt your rankings (at least temporarily).

I have just gone for it as I was loosing traffic anyway I just switched this week. Whatever is to be is to be. You got to do it at some point.