>Practically it is difficult to provide SSL protected downloads at all. Many important software projects can only be downloaded in the clear, such as Ubuntu, Debian, Tails, Qubes OS, etc. This is because someone has to pay the bill and SSL (encryption) makes it more expensive. At the moment we don't have any mirror supporting SSL. We're looking for SSL supported mirrors to share the load.
Is it not true that mirrors supporting SSL are more expensive?
"On our production frontend machines, SSL/TLS accounts for less than 1% of the CPU load, less than 10 KB of memory per connection and less than 2% of network overhead. Many people believe that SSL/TLS takes a lot of CPU time and we hope the preceding numbers will help to dispel that."
- Adam Langley, Google
Getting an SSL certificate used to be a cost, but that's taken care of now by https://letsencrypt.org/.
There are multiple named projects there that aren't using SSL, and I don't think it's just laziness. If you know of a way for them to use SSL mirrors for no additional cost, I'll work on getting them to switch over.
I suspect that wiki page you linked might be out of date. It seems like all of the Whonix download links on their website are over https, like the VirtualBox images https://www.whonix.org/download/220.127.116.11.2/Whonix-Workstatio....
Whonix also runs a Tor mirror, which has significantly more overhead than TLS.
For Tails: https://tails.thecthulhu.com/. It appears to be the same server behind http://dl.amnesia.boum.org/ based on the TLS cert.
The situation is messy to actually use https for all of these projects, but I think the issue now is organization rather than overhead.
I seem to remember downloading Whonix from their site over HTTP around a year ago.
Do you see a Tails HTTPS mirror?