by X-Istence 4449 days ago
The Varnish authors have specifically stated they didn't want to introduce SSL into their process because of the added attack surface. [0]

If you want SSL for Varnish, use something like Pound [1], stunnel [2], or HAProxy [3] to do the SSL termination and pass it off to Varnish...

I'm partial to Pound because it is lightweight and doesn't try to do any caching, it simply terminates the SSL and passes the request on.

[0] https://www.varnish-cache.org/docs/trunk/phk/ssl.html

[1] http://www.apsis.ch/pound

[2] https://www.stunnel.org/index.html

[3] http://haproxy.1wt.eu
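The arrangement the post recommends, written out as an added HAProxy configuration (not taken from the thread or from any of the linked projects): HAProxy terminates TLS on :443 and forwards plain HTTP to Varnish, setting the scheme header itself so a client cannot spoof it. The certificate path and the Varnish port are assumptions; adjust them to your layout.

```haproxy
# Added example: TLS termination in front of Varnish.
# Assumed: key+chain concatenated in /etc/haproxy/certs/site.pem,
# Varnish listening on 127.0.0.1:6081. Requires an HAProxy with native SSL.
global
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
    ssl-default-bind-ciphers ECDHE+AESGCM

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend https-in
    bind *:443 ssl crt /etc/haproxy/certs/site.pem
    # set-header overwrites any X-Forwarded-Proto a client sent, so Varnish
    # and the origin only ever see the value the terminator decided on.
    http-request set-header X-Forwarded-Proto https
    default_backend varnish

backend varnish
    server varnish1 127.0.0.1:6081 check
```

Because Varnish now sees every request as plain HTTP, it should include X-Forwarded-Proto in its cache hash (or redirect HTTP to HTTPS) so that responses generated for one scheme are not served for the other.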

2 comments

Re: HAProxy

from http://haproxy.1wt.eu : Update [2012/09/11] : native SSL support was implemented in 1.5-dev12. The points above about CPU usage are still valid though.

Wow, I've been out of the loop for a while then. Last time I used HAProxy I was using stud (https://github.com/bumptech/stud) to terminate.

Well, SSL is there, but it is still under development and has yet to hit a stable HAProxy release.
Stunnel has been around doing this job for quite some time as well.