On Sat, Jan 27, 2018 at 8:37 PM, Miguel González <[email protected]> wrote:
> Dear all,
>
> I received recently an invitation for a webinar from Varnish about
> cache encryption in Varnish Total Encryption.
>
> I am concerned about how Varnish Cache is going to deal with this. Any
> plan to implement this in the open source version? Are we covered if we
> use any kind of SSL termination with a SSL proxy?

Hi Miguel,

There are no plans to open source Varnish Total Encryption, and using HTTPS by the means of a proxy on the same server as Varnish won't help either.

To mitigate Meltdown and Spectre, you need an updated kernel, and Linux doesn't completely mitigate Spectre yet (a recent GCC release addresses the second Spectre variant with the "retpoline" patches).

You should mostly be worried about Meltdown and Spectre if you are running Varnish on shared machines provided by a hosting company (aka cloud provider). In this case Varnish Total Encryption would make it very hard to read the contents of your cache, but wouldn't protect the rest of your system (any other service running on your virtual machine). If you are caching more than just "public" resources with Varnish, that's a pretty good protection.

Dridi
_______________________________________________
varnish-misc mailing list
[email protected]
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
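
Added example, not part of the original thread: one way to check whether the running kernel on a Varnish host reports mitigations for Meltdown and both Spectre variants, including whether variant 2 is handled with retpoline. It assumes the Linux sysfs directory /sys/devices/system/cpu/vulnerabilities (kernel 4.15 and later, plus distribution backports); the function names and the VULN_DIR override are illustrative.

```shell
#!/bin/sh
# Added example: report kernel mitigation status for Meltdown and Spectre.
# Assumption: the kernel exposes one status file per issue under sysfs.
# VULN_DIR is overridable so the functions can be exercised on constructed data.
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify <status-line>: map the kernel's free-text status to one word.
classify() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_one <name>: print "<name> <verdict> (<raw status>)"; return 1 if not safe.
check_one() {
    f="$VULN_DIR/$1"
    if [ ! -r "$f" ]; then
        # No file: the kernel predates the reporting interface.
        echo "$1 unknown (no sysfs entry; kernel too old to report)"
        return 1
    fi
    status=$(head -n 1 "$f")
    verdict=$(classify "$status")
    echo "$1 $verdict ($status)"
    case "$verdict" in
        not_affected|mitigated) return 0 ;;
        *) return 1 ;;
    esac
}

# check_all: check all three issues; non-zero if any lacks a mitigation.
check_all() {
    rc=0
    for v in meltdown spectre_v1 spectre_v2; do
        check_one "$v" || rc=1
    done
    return $rc
}

# uses_retpoline: true if the Spectre variant 2 status mentions retpoline.
uses_retpoline() {
    grep -qi retpoline "$VULN_DIR/spectre_v2" 2>/dev/null
}

# Run the report only when asked, e.g.: sh check.sh --run
if [ "${1:-}" = "--run" ]; then check_all; fi
```

A non-zero exit from `check_all` means at least one of the three issues is unmitigated or unreported by the running kernel, which matters most on the shared hosting case discussed above.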
