Varnish Software, the company behind the HTTP engine Varnish Cache, today announced that latest edition of Hitch, a scalable, open source network proxy designed to efficiently handle tens of thousands of connections on multicore machines. Hitch is easy to configure, has a low memory footprint, and is the ideal way of terminating client-side SSL/TLS for Varnish. The process is streamlined by the support for the PROXY protocol, which lets Varnish consider the original client’s endpoints as if there was no TLS proxy in between.
Hitch is forked from the “stud” project by Bump with patches from WhatsApp and lives on github as a standalone open source project. Varnish Software will review patches/pull requests made by the community. Licensed under 2-clause BSD license, Hitch is tested on Linux, but also works on other *nixes” as well. Hitch features include:
● Support for TLS1.0, TLS1.1 and TLS1.2;
● SNI, with and without wildcard certificates;
● Support for HAProxy’s PROXY protocol;
● Seamless configuration run-time reload support;
● Safe for large installations: performant up to 15 000 listening sockets and 500 000 certificates.
“Hitch simplifies the deployment of Varnish Cache by enabling TLS on the front end without having to deploy a third-party solution,” said Per Buer, founder and CTO, Varnish Software. “Varnish Software continues to be actively involved in the Varnish Cache community with contributions such as Hitch.”
Varnish Software will provide support for Hitch on commercial uses under the current Varnish Plus product package. For those who require TLS/SSL for both to the client and to the backend, Varnish Cache Plus 4 offers both client side and backend support for TLS/SSL.
You can download Varnish Hitch here.
Further details on Varnish Hitch here.