> There are no plans to open source Varnish Total Encryption, and using > HTTPS by the means of a proxy on the same server as Varnish won't help > either. To mitigate Meltdown and Spectre, you need an updated kernel > and Linux doesn't completely mitigate Spectre yet (a recent GCC > release address the second Spectre variant with the "retpoline" patches).
when is expected those issues are solved? With OS issues mitigated, Varnish would be safe? > > You should mostly be worried about Meltdown and Spectre if you are > running Varnish on shared machines provided by a hosting company (aka > cloud provider). I do myself host several sites, should I be worried then? Thanks for answering! Miguel --- This email has been checked for viruses by AVG. http://www.avg.com _______________________________________________ varnish-misc mailing list [email protected] https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
