undefined | Better HN

0 pointsperbu2mo ago0 comments

Varnish Software released hitch to facilitate TLS for varnish-cache.

Now that Varnish has been renamed, Varnish Software will keep what has been referred to as a downstream version or a fork, which has TLS built in, basically taking the TLS support from Varnish Enterprise.

This makes Hitch a moot point. So, I assume it'll receive security updates, but not much more.

Wrt. separation of concerns. Varnish with in-core TLS can push terabits per second (synthetic load, but still). Sure, for my blog, that isn't gonna matter, but having a single component to run/update is still valuable.

In particular using hitch/haproxy/nginx for backend is cumbersome.

TLS is a primary concern on the internet today.

0 comments

3 comments · 1 top-level

time4tea2mo ago· 2 in thread

Totally agree. But, if i may, the docs on varnish and tls are hella confusing. I just re-read the varnish v9 docs, and its not clear at all that/if it supports tls termination.

Literally every doc, from the install guide to the "beef in the sandwich" talks about it NOT supporting tls termination... then one teeny para in "extra features in v9.0" mentions 'use -A flag'...

This is cool! But also, worth mentioning. Sure I know its an open source project so you don't owe anyone anything, but also one with a huge company behind it - and this is a huge change of stance and also, sounds cool.

perbuOP2mo ago

https://github.com/varnish/varnish/issues/33

It should be fixed fairly quick.

perbuOP2mo ago

we're not at all a huge company. we're 80 people with a lot on our plates trying to juggle this on top of everything else.

but I truly appreciate the feedback. I'll reach our to the team working on this and see if I can make this a bit clearer.

j / k navigate · click thread line to collapse