All Web administrators want to secure their sites for the benefit of their users (we hope), but doing so can be a cumbersome and error-prone task. Now, those using the Varnish Web acceleration software will have a helping hand in this task, as the enterprise edition can be configured to deliver encrypted traffic.
The enterprise edition of Varnish Plus now includes the ability to fully manage SSL/TLS (Secure Socket Layer/Transport Layer Security) encrypted sessions between server and client, securing through encryption the data exchange between users and the Web server software. Until this new release, Varnish customers would have to implement third-party SSL/TLS software, which can be time-consuming, and add to the complexity of the Web site’s back-end operations.
Although the SSL and TLS protocols have been in the news over the past year for critical vulnerabilities, they remain the dominant way of securing communication between browsers and Web servers.
The use of SSL/TLS has grown more urgent of late as concerns about Web privacy continue to gain steam. Last year, Google announced it would give preferential search ranking to sites with full encryption. Websites that conduct monetary transactions are usually secured by some form of SSL/TLS, though Google wants all other sites to use the protocols as well, so third parties can’t eavesdrop on what Web content a user may be perusing.
First developed by Poul-Henning Kamp, the key developer behind the FreeBSD operating system, Varnish is open source Web acceleration software designed to speed the performance of Web sites with large amounts of changing content, through the smart use of virtual memory. Over 2.3 million Web sites use the software, according to the company, including such large-scale operations as the New York Times and Vimeo.