Hacker News
by marcosdumay 4070 days ago
I can sympathize with the author's feeling. TLS is incredibly complex. It seems that TLS libraries are all bad, setting them up is incredibly difficult, and hell, all the complaints about OpenSSL are not enough to do justice to its quality.

But no, Varnish is the optimal point for doing encryption, and placing anything on its front is contrary to any reason somebody would have to use it.

1 comments

What makes Varnish more optimal than a dedicated TLS termination and load balancing layer?
After you add all that, what are you using Varnish for? Cache? Placing your cache at the load balancing instead of fetching pages from the network does actually save processing and memory.

If you use Varnish, it's almost certainly sitting at the best point for doing TLS termination.