How can I send an unencrypted payload through an encrypted TLS stream with Rustls?

Hi all,

I'm working on a specific use case where I need to send an encrypted header (for an HTTPS request) and an unencrypted payload through the same socket. The purpose of this is an upload speed test, where the server (which I do not control) only cares about the HTTP header being secure and not the payload. The payload consists of a large number of zeros, so sending them unencrypted is not a security concern in this case.

I could just send the payload encrypted, but in my opinion that is wasted CPU time encrypting bytes.

Is what I'm asking for even possible?

In theory TLS supports renegotiation and a null cipher that doesn't encrypt, so you could destroy the security of an already-established connection. In practice I would not expect anybody to allow the null cipher, because it's basically a security vulnerability.

So no. You'd need to make a separate HTTP request or a direct TCP connection, but a TLS connection is designed to be secure from start to end.


It's also worth remembering that the main overhead of TLS comes from negotiating which cipher to use during the handshake, not from encrypting the main payload. Therefore, this sounds like a case of over-optimization to me.

For example, this blog post from 2010(!) says:

On our production frontend machines, SSL/TLS accounts for less than 1% of the CPU load, less than 10KB of memory per connection and less than 2% of network overhead. Many people believe that SSL takes a lot of CPU time and we hope the above numbers (public for the first time) will help to dispel that.


And remember in this context that most modern CPUs (AMD, Apple, Intel, Qualcomm, Mediatek, Samsung etc) have hardware acceleration for AES, since it's such a commonly used symmetric cipher. As a result, if you're using AES, you're unlikely to be slowed down by encryption overhead.


I'm targeting a very old single-core 32-bit 400MHz ARM9 CPU actually, which is why I'm trying to do everything without TLS in the first place. I have eyeballed the CPU usage in top during these upload tests with TLS and it maxes out at 100% (as observed by top), so this makes me think I definitely am bottlenecking on TLS.


Which cipher are you using? ChaCha20-Poly1305 should be faster than AES-128-GCM when there is no hardware acceleration for AES.


What speed test servers are you using? I seem to remember HTTP fallback was available on speedtest.net servers a few years ago. I'm not sure if this feature is still around.

This crate might also be useful.

I just checked and it appears rustls is negotiating AES_256_GCM_SHA384 by default!

I'll try to coerce rustls into using ChaCha20.
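Added example (not code from the thread or from the rustls project): after restricting the client's cipher-suite list, the check a practitioner wants is whether the server actually selected a ChaCha20 suite. The negotiated suite is sent in the clear in the server's ServerHello, so it can be read off a packet capture (or the raw bytes rustls writes to the socket) without any TLS library. The program below, std-only Rust, parses a ServerHello record, returns the selected suite's IANA code point and names the suites this thread discusses. The ServerHello bytes it feeds itself are constructed inline, not captured from a real server.

```rust
//! Added example, not from the original thread: decode which cipher suite a
//! TLS server chose, from the raw bytes of its ServerHello record.

/// IANA code points for the suites discussed in the thread
/// (TLS 1.3 suites start with 0x13; 0xC0xx/0xCCxx are TLS 1.2 ECDHE suites).
fn suite_name(code: u16) -> &'static str {
    match code {
        0x1301 => "TLS_AES_128_GCM_SHA256",
        0x1302 => "TLS_AES_256_GCM_SHA384",
        0x1303 => "TLS_CHACHA20_POLY1305_SHA256",
        0xC02B => "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        0xC02C => "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        0xC02F => "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        0xC030 => "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        0xCCA8 => "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
        0xCCA9 => "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
        _ => "unknown",
    }
}

/// True for the suites whose record protection is ChaCha20-Poly1305.
fn uses_chacha20(code: u16) -> bool {
    matches!(code, 0x1303 | 0xCCA8 | 0xCCA9)
}

/// Parse one TLS record carrying a ServerHello and return the selected
/// cipher-suite code point. Anything that is not a well-formed ServerHello
/// (wrong content type, truncated lengths) is rejected rather than guessed.
fn negotiated_suite(record: &[u8]) -> Result<u16, &'static str> {
    // Record header: content type (1), legacy version (2), length (2).
    if record.len() < 5 {
        return Err("short record header");
    }
    if record[0] != 0x16 {
        return Err("not a handshake record");
    }
    let rec_len = u16::from_be_bytes([record[3], record[4]]) as usize;
    let body = record.get(5..5 + rec_len).ok_or("truncated record")?;
    // Handshake header: msg type (1), length (3).
    if body.len() < 4 {
        return Err("short handshake header");
    }
    if body[0] != 0x02 {
        return Err("not a ServerHello");
    }
    let hs_len = u32::from_be_bytes([0, body[1], body[2], body[3]]) as usize;
    let hello = body.get(4..4 + hs_len).ok_or("truncated ServerHello")?;
    // ServerHello: legacy_version (2), random (32), session_id (1 + n),
    // cipher_suite (2), compression_method (1), extensions (...).
    let sid_len = *hello.get(34).ok_or("truncated before session id")? as usize;
    let off = 35 + sid_len;
    let suite = hello.get(off..off + 2).ok_or("truncated before cipher suite")?;
    Ok(u16::from_be_bytes([suite[0], suite[1]]))
}

/// Constructed sample input: a minimal ServerHello record selecting `suite`.
/// A real capture would come from tcpdump or the bytes rustls writes out.
fn sample_server_hello(suite: u16) -> Vec<u8> {
    let mut hello = Vec::new();
    hello.extend_from_slice(&[0x03, 0x03]); // legacy_version = TLS 1.2
    hello.extend_from_slice(&[0x42; 32]); // random (constructed, not random)
    hello.push(0); // empty legacy_session_id
    hello.extend_from_slice(&suite.to_be_bytes()); // the server's choice
    hello.push(0); // compression_method = null
    hello.extend_from_slice(&[0x00, 0x00]); // empty extensions block
    let mut body = vec![0x02]; // HandshakeType = server_hello
    body.extend_from_slice(&(hello.len() as u32).to_be_bytes()[1..]); // 24-bit length
    body.extend_from_slice(&hello);
    let mut record = vec![0x16, 0x03, 0x03]; // ContentType = handshake, version 1.2
    record.extend_from_slice(&(body.len() as u16).to_be_bytes());
    record.extend_from_slice(&body);
    record
}

fn main() {
    for suite in [0x1302u16, 0x1303, 0xCCA8] {
        let record = sample_server_hello(suite);
        let got = negotiated_suite(&record).expect("valid ServerHello");
        println!("{:#06x} {} chacha20={}", got, suite_name(got), uses_chacha20(got));
    }
    // An application-data record is not a handshake and must be rejected.
    assert!(negotiated_suite(&[0x17, 0x03, 0x03, 0x00, 0x01, 0x00]).is_err());
}
```

On the rustls side, the way to force the choice (in rustls 0.21's builder API) is to hand the client only ChaCha20 suites, e.g. `ClientConfig::builder().with_cipher_suites(&[rustls::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256, rustls::cipher_suite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, rustls::cipher_suite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256])`, and to read `negotiated_cipher_suite()` on the connection after the handshake. The caveat is that the server picks from the client's list: if it supports none of the offered suites the handshake fails with a handshake_failure alert rather than silently falling back to AES, so keep an AES suite at the end of the list unless a failed connection is acceptable.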
