Poul-Henning Kamp phk at
Mon Mar 14 13:17:59 CET 2011

In message <4D7E0357.4070204 at>, Gerhard Schmidt writes:

>Managing more config and more daemons always increses the complexity.
>More Daemons increse the probabilty of failure and increase the monitioring
>More Daemons increase the probailty of security problems.
>More Daemons increase the amount of time spend keepings the system up to date.
>It might increase the complexity of varnish but not the system a hole.

I can absolute guarantee you, that there would be no relevant
difference in complexity, because the only way we can realistically
add SSL to varnish is to start another daemon process to do it.

Adding that complexity to Varnish will decrese the overall security
relative to having the SSL daemon be an self-contained piece of
software, simply as a matter of code complexity.


Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

More information about the varnish-misc mailing list