by smonte 4449 days ago
A bit off topic, but Varnish seems to have a valid point about using Varnish and SSL.

https://www.varnish-cache.org/docs/trunk/phk/ssl.html

"There is no other way we can guarantee that secret krypto-bits do not leak anywhere they should not, than by fencing in the code that deals with them in a child process, so the bulk of varnish never gets anywhere near the certificates, not even during a core-dump."

I came across this when looking for HTTPS support a few weeks ago.

1 comments

Indeed.

Via one of PHK's latest tweets:

https://twitter.com/bsdphk/status/453623583256760321

You can see (video) another of his comments regarding OpenSSL from his keynote at FOSDEM: http://ftp.belnet.be/FOSDEM/2014/Janson/Sunday/NSA_operation...
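The design in the Varnish note quoted in the first post, sketched as an added example that is not part of the thread and is not Varnish code: a child process is the only one that ever holds the key, has core dumps disabled, and answers requests over a socket pair. The function names, the HMAC operation standing in for TLS key use, and the demo key are assumptions made for illustration; it assumes Linux (`fork` and `AF_UNIX` `SOCK_SEQPACKET`).

```python
import hashlib
import hmac
import os
import resource
import socket


def start_key_holder(load_key):
    """Fork a child that is the only process ever to hold the key."""
    parent_end, child_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_SEQPACKET)
    pid = os.fork()
    if pid == 0:  # child: the fenced-in code that touches the secret
        status = 1
        try:
            parent_end.close()
            # No core file for this process, so a crash cannot write the key to disk.
            resource.setrlimit(resource.RLIMIT_CORE, (0, 0))
            key = load_key()  # runs after fork(): the parent never sees the result
            while True:
                msg = child_end.recv(65536)
                if not msg:  # peer closed (or empty request): shut down
                    break
                child_end.send(hmac.new(key, msg, hashlib.sha256).digest())
            status = 0
        finally:
            os._exit(status)  # never fall back into the parent's code path
    child_end.close()
    return parent_end, pid


def sign(channel, message):
    """Parent side: send the message, get back only the 32-byte tag."""
    channel.send(message)
    return channel.recv(64)


def stop_key_holder(channel, pid):
    """Close the channel so the child exits, then return its exit code."""
    channel.close()
    _, status = os.waitpid(pid, 0)
    return os.WEXITSTATUS(status)


if __name__ == "__main__":
    # Constructed demo key; a real loader would read a file only the child may open.
    channel, pid = start_key_holder(lambda: b"constructed-demo-key")
    print(sign(channel, b"hello").hex())
    stop_key_holder(channel, pid)
```

The key material is loaded after `fork()`, so a core dump or memory disclosure in the parent exposes messages and tags but not the key itself.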