SSL

Kacper Wysocki kacperw at gmail.com
Mon Mar 14 12:05:27 CET 2011


On Mon, Mar 14, 2011 at 9:34 AM, Gerhard Schmidt <schmidt at ze.tum.de> wrote:
> Am 14.03.2011 08:55, schrieb Poul-Henning Kamp:
>> In message <4D7DC782.6050300 at ze.tum.de>, Gerhard Schmidt writes:
>>
>>> stunnel has the disatwantage that we loose the clientIP information.
>>
>> Doesn't it set a header with this information ?
>
> It's a tunnel. It doesn't change the stream. As I said, we use pound because
> it sets the header. But its another daemon to run and to setup. Another
> component that could fail. Integrating SSL in varnish would reduce the
> complexity.

What you meant to say is "integrating SSL in Varnish would increase
complexity".
Putting that component inside varnish doesn't automatically make it
infallable. As an added bonus, if SSL is in a separate process it
won't bring the whole server down if it fails, if that's the kind of
stuff you're worried about.

0K
-- 
http://kacper.doesntexist.org
http://windows.dontexist.com
Employ no technique to gain supreme enlightment.
- Mar pa Chos kyi blos gros




More information about the varnish-misc mailing list