You can't send any traffic out a span port on firepower. Passive ports don't send traffic.
If you do decrypt on Firepower, the 80% hit on throughput because everything is running on Software needs to be factored in. As long as you do that, you should be OK.
At some point the encryption chips to enable SSL decryption in the FTD platforms will be enabled, and then the throughput should go up for SSL.