Poul-Henning Kemp details why Varnish doesn’t do SSL — basically due to the quality and complexity of open-source SSL implementations:
There is no other way we can guarantee that secret krypto-bits do not leak anywhere they should not, than by fencing in the code that deals with them in a child process, so the bulk of varnish never gets anywhere near the certificates, not even during a core-dump.

Now looking pretty smart, post-Heartbleed.
Links for 2014-04-13