According to people at CryptoAncienne (https://github.com/classilla/cryanc), a 25MHz 68030 needs about 22 seconds of maths to handshake a modern TLS server. During that time, most servers close connection.
So on an 1MHz 6502, I think it'd be minutes just for handshaking.
Shameless plug: that's pretty much proxy mode in Crypto Ancienne carl. https://github.com/classilla/cryanc
I feel like that team should go one step further and enable TLS natively with something like this:
No, it's largely CPU bound. I had a 68040 that would take around 45 seconds to generate ssh keys, and my little NetBSD Macintosh IIci with a 25MHz 68030 and no L2 card took 22 seconds for a single short TLS 1.2 transaction to a local test server. This wouldn't be a big problem if it weren't for the fact many servers just don't wait.
Shameless plug: a crypto client library oriented to old things. https://github.com/classilla/cryanc
It's the encryption. For Crypto Ancienne, it may take 20 or more seconds for a cacheless 25MHz '030 to do a local TLS 1.2 transaction, and that's with skipping a whole bunch of steps. Pretty much anything under 40MHz will have timeouts because most servers won't wait.