I've been obsessively covering the Google HTTPS ranking boost and I have some more nuggets to give you.
You know that Google told us that invalid HTTPS pages still get the ranking boost, as long as they are on an HTTPS URL? Well that might change soon.
Google's Gary Illyes at SMX East told us that Googlers are actively working on handling "broken certificates." So invalid HTTPS clearly wouldn't get the ranking boost but even more, maybe by "demoting" the URL in the search results. Google currently will show the HTTP version (if available) if the HTTPS version shows an invalid certificate.
Google is also thinking about but not working on these three ideas:
(1) Is the e-commerce checkout process is all over HTTPS, if not, should it impact rankings?
(2) Does the site ask for login credentials over HTTPS, if not?
(3) Is the cipher strength of the certificate is at a certain level or not?
Forum discussion at Google+.
