
Hitch: Scalable TLS termination proxy - jjoe
https://hitch-tls.org
======
mwpmaybe
I'm definitely interested in this if for no other reason than Varnish is a
particularly nice piece of software. I would like to see a detailed feature and
performance comparison between Hitch and HAproxy but I can't seem to find one.
If only I had more time!

Previously:
[https://news.ycombinator.com/item?id=9687330](https://news.ycombinator.com/item?id=9687330)

~~~
jjoe
Varnish needs its "own" native TLS termination badly. I'm not sure if an
external proxy like Hitch will successfully fill the gap. I understand phk's
stance on Varnish doing ssl but with this announcement, it's clear pressure's
mounting.

~~~
mwpmaybe
I may be in the minority but I actually prefer that they are two different
layers. Keeps my compression (and DoS) cores separate from my encryption cores
and gives me two different levers to pull for scalability. HAproxy is so good
at what it does and Varnish is so good at what it does that while there is
some overlap (e.g. request/response rewriting) I can't help but think that any
attempt to merge the two feature-sets would result in something vastly
inferior.

~~~
jjoe
The reason I think Varnish needs a native TLS implementation is to be able to
talk directly to TLS backends. Otherwise you have a gaping hole in your stack
should one need Varnish to communicate over the Internet.

~~~
mwpmaybe
Ah, interesting. It looks like that feature has been added to Varnish Cache
Plus, but it hasn't yet made its way into the generally-available open source
product.

