科技回声
A tech news platform built on Next.js, providing global tech news and discussion.
© 2025 科技回声. All rights reserved.

SSL revisited

59 points by mro about 10 years ago

12 comments

lunixbochs about 10 years ago
I'm not sure how I feel about the Political PostScript section. It raises the following points against the concept of "SSL Everywhere":

- "you don't want to bog down your country's civil defence agency with SSL/TLS protocol negotiations if their website is being deluged by people trying to survive a natural disaster"
- "there are people who do not have a right to privacy"
- "SSL Everywhere will force institutions to either block any internet connectivity or impose Man-in-The-Middle proxies"
- "SSL Everywhere [gives privacy] to the actors I think deserve it the least"
- "shady behaviour of big transnational, and therefore law-less, companies have been exposed by security researchers (or just interested lay-people) who ran tcpdump"
- "SSL Everywhere puts all traffic in the shade"

--------

My opinion:

Without TLS, the Internet is either read-only or has reasonably high security risk.

I also noticed varnish-cache.org was served to me over TLS.
profmonocle about 10 years ago
> The most obvious example is that you don't want to bog down your country's civil defence agency with SSL/TLS protocol negotiations, if their website is being deluged by people trying to survive a natural disaster.

If TLS overhead is the last straw that brings down a web site, the site's infrastructure isn't suitable for delivering safety-critical information.
joshstrange about 10 years ago
UPDATE/CLARIFICATION: The author DID NOT say people don't deserve privacy; he said "there are people who do not have a right to privacy". I misread that: he really meant that LEGALLY they do not have a right, not that he personally believed this. I would like to apologize for misrepresenting the author's intent.

I'll start by saying I don't agree that some people don't deserve privacy. I just can't get behind that in literally any form. More and more, computers and what we store on them are an extension of our minds. By this logic you are more or less reading my thoughts by knowing what I'm doing online (I could write a whole paper on this).

That said, kudos to the author of Varnish for actually coming out and explaining why he feels this way. Too often there is no insight into why something was done a certain way (or why it wasn't done at all), and anything that sheds light on that is a good thing in my book. I understand and agree with where he is coming from in relation to it adding attack surface, complicating the code, and tying him up from working on other things. Those are all legit reasons, coupled with the fact that you can just use something like HAProxy or Pound in front of Varnish.

For me nginx caching is good enough for my personal use, and at work we are not to the point that using Varnish would provide big enough gains to offset the time to implement it (we are SSL-only). That said, I will continue to keep my eye on Varnish because I have used it before and quite liked it.
falcolas about 10 years ago
Without discussing any of the political points (which felt out of place), this simply means that we will continue to not use Varnish.

Nginx's caching is good enough that it's not worth the pain of trying to implement some wacky setup just to use Varnish.
tacos about 10 years ago
It's a good product for what it does -- I've rescued more than one site using it -- but the politics behind it have always been a little weird. Some of it is subtleties of Danish culture and humor not coming through.

But if you're actually running Varnish the way he'd like you to, chances are something isn't quite right with your architecture. Poul-Henning has strong opinions on everything from virtual memory to life on Mars, and I really don't need that stuff to be part of my web stack.

A little personal maturity to match the product maturity would help both advance.
IgorPartola about 10 years ago
Relatively recently I wrote a purpose-built web server that supports HTTPS and links with libssl. The experience was both good and "interesting". The good is that it's actually pretty easy to use libssl, even though the API is pretty terrible. Other than the configuration you already see in products like apache2/nginx/etc. there aren't many knobs and levers to worry about. You simply hand a socket over to libssl and it does the heavy lifting. Then you use the libssl functions to read/write data, and you can even use select() and friends to check if the socket is ready.

The "interesting" part comes from the fact that a socket may read when you want it to write and vice versa: the underlying protocol is more complex than just pushing bytes. This means that the socket needs to be able to read and write when you want to do one of those operations. There is also fragmentation of your data. You say "send this 8 KB buffer", yet it gets sent in pieces (cipher blocks?), which can lead to some interesting issues (my server was for video streaming, and sending an incomplete frame resulted in artifacts). I solved some of this by enabling SSL_MODE_ENABLE_PARTIAL_WRITE (don't block until everything is sent, just tell me what succeeded).

What I'm trying to say is that not enabling SSL because its code is a mess is an example of "the enemy of good is perfect". While Varnish refuses to add SSL support, nginx has it. That's why I use nginx and not Varnish.
viraptor about 10 years ago
> The most obvious example is that you don't want to bog down your country's civil defence agency with SSL/TLS protocol negotiations, if their website is being deluged by people trying to survive a natural disaster.

On the other hand, I don't want China to bog down some country's civil defence (or any other website) by DDoSing it, injecting JS into unencrypted Baidu traffic. Which one is causing more problems right now?
marcosdumay about 10 years ago
I can sympathize with the author's feeling. TLS is incredibly complex. It seems that TLS libraries are all bad, setting them up is incredibly difficult, and hell, all the complaints about OpenSSL are not enough to do justice to its quality.

But no, Varnish is the optimal point for doing encryption, and placing anything in front of it is contrary to any reason somebody would have to use it.
pornel about 10 years ago
This article is written as if "Should we use HTTPS?" was still an open question. That boat has sailed.

If you can't allow SSL on your network, you can't allow use of Google and about 2000 sites which browsers will not even try opening via HTTP:

https://code.google.com/p/chromium/codesearch#chromium/src/net/http/transport_security_state_static.json

Jail libraries and magic-cookie-hunting hackers have the option of installing their own CA certificate. This is supported by all browsers. It's not hard; even Lenovo malware can do it.
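The "browsers will not even try HTTP" behaviour pornel points at comes from the HSTS preload list that file holds. The following is an added example, not pornel's code and not Chromium's: it reads a constructed excerpt written in the same shape as transport_security_state_static.json (an "entries" array of objects with "name", "include_subdomains" and "mode", preceded by // comment lines, which the real file also carries and which have to be stripped before the JSON parser sees it) and decides whether a hostname is forced to HTTPS. The matching rule (walk from the full host up through its parent domains, and honour a parent only when it sets include_subdomains) is the straightforward reading of the format and is an assumption here rather than a transcript of Chromium's lookup code; the entry values are constructed and not the real list.

```python
# Added example (not Chromium's code): decide whether a hostname is on an
# HSTS-preload-style list in the shape of transport_security_state_static.json.
import json

# Constructed excerpt, NOT the real preload list. The real file also carries
# "//" comment lines that are stripped before parsing, so they appear here too.
PRELOAD_JSON = """
// constructed excerpt for illustration
{
  "entries": [
    // whole domain and every subdomain forced to https
    { "name": "google.com", "include_subdomains": true, "mode": "force-https" },
    // only the exact host, subdomains are not covered
    { "name": "example.test", "include_subdomains": false, "mode": "force-https" },
    // an entry that carries pins but no force-https mode
    { "name": "pins-only.test", "include_subdomains": true, "pins": "demo" }
  ]
}
"""


def load_preload(text):
    """Strip // comment lines, parse the JSON, index entries by lowercase name."""
    cleaned = "\n".join(
        line for line in text.splitlines() if not line.lstrip().startswith("//")
    )
    data = json.loads(cleaned)
    return {entry["name"].lower(): entry for entry in data["entries"]}


def forces_https(preload, host):
    """True if the browser would refuse plain HTTP for `host`.

    Walks from the full host up through its parent domains. An exact match
    counts; a parent match counts only if that entry sets include_subdomains.
    Entries without mode == "force-https" (pins-only entries) never force.
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        entry = preload.get(candidate)
        if entry is None or entry.get("mode") != "force-https":
            continue
        if i == 0 or entry.get("include_subdomains", False):
            return True
    return False


if __name__ == "__main__":
    table = load_preload(PRELOAD_JSON)
    for h in ("mail.google.com", "example.test", "www.example.test", "pins-only.test"):
        print(h, forces_https(table, h))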
agwa about 10 years ago
If you're interested in how you might isolate the private key in a separate process, as proposed by this article, I sketched out an implementation a year ago: https://www.agwa.name/blog/post/protecting_the_openssl_private_key_in_a_separate_process

I hope to update it soon to support ECDSA keys in addition to RSA. (This wasn't previously possible, but I think it's now possible with OpenSSL 1.0.2.)
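The process-isolation design agwa refers to, as an added example that is not agwa's code, not OpenSSL's and not Varnish's: the web-facing process never loads the key; a forked child is the only process that ever calls the key loader, and the parent sends it fixed-size digests over a socketpair and gets signatures back. Two things are stand-ins chosen for this illustration: HMAC-SHA256 replaces the RSA/ECDSA operation (the standard library has no asymmetric primitives, and the IPC shape is the point), and the framing (a 4-byte length prefix) and the in-memory key loader are assumptions. In a real deployment the loader would open the key file inside the child, after which the parent would have no read access to it at all; here the demo keeps a copy only so it can verify the result. The key process also enforces a policy the parent cannot bypass: it signs nothing but a 32-byte digest.

```python
# Added example (not agwa's, OpenSSL's or Varnish's code): a TLS server's
# private key confined to a separate process, with signing requests passed
# over a socketpair. HMAC-SHA256 stands in for RSA/ECDSA (stdlib has no RSA);
# the 4-byte length-prefix framing and the key loader are assumptions.
import hashlib
import hmac
import os
import socket
import struct

DIGEST_LEN = 32      # the key process signs SHA-256 digests and nothing else
MAX_FRAME = 4096     # bound on any frame the key process will read


def _recv_exact(conn, n):
    """Read exactly n bytes, or return None on EOF."""
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            return None
        buf += chunk
    return buf


def _send_frame(conn, payload):
    conn.sendall(struct.pack("!I", len(payload)) + payload)


def _recv_frame(conn):
    hdr = _recv_exact(conn, 4)
    if hdr is None:
        return None
    (n,) = struct.unpack("!I", hdr)
    if n > MAX_FRAME:
        return None                    # oversize frame: protocol violation
    return _recv_exact(conn, n) if n else b""


def _key_process(conn, load_key):
    """Body of the child. It is the only process that ever calls load_key()."""
    try:
        secret = load_key()
        while True:
            req = _recv_frame(conn)
            if req is None:            # parent closed or misbehaved: stop
                break
            if len(req) != DIGEST_LEN: # policy: refuse anything but a digest
                _send_frame(conn, b"")
                continue
            _send_frame(conn, hmac.new(secret, req, hashlib.sha256).digest())
    finally:
        os._exit(0)                    # never fall back into the parent's code


class KeyClient:
    """Parent-side handle: holds a socket to the key process, never the key."""

    def __init__(self, load_key):
        parent, child = socket.socketpair()
        pid = os.fork()
        if pid == 0:
            parent.close()
            _key_process(child, load_key)   # does not return
        child.close()
        self._conn = parent
        self._pid = pid

    def sign(self, digest):
        """Return the signature, or None if the key process refused."""
        _send_frame(self._conn, digest)
        return _recv_frame(self._conn) or None   # empty frame = refused

    def close(self):
        self._conn.close()
        os.waitpid(self._pid, 0)


def local_sign(secret, digest):
    """Reference computation for verification (same HMAC stand-in)."""
    return hmac.new(secret, digest, hashlib.sha256).digest()


def demo():
    # Constructed key. A real loader would read the key file inside the child;
    # the demo keeps a copy in the parent only to check the returned signature.
    secret = b"constructed-demo-key"
    client = KeyClient(lambda: secret)
    try:
        digest = hashlib.sha256(b"constructed handshake transcript").digest()
        sig = client.sign(digest)
        refused = client.sign(b"not-a-digest")   # wrong length: policy refusal
        return {"verified": sig == local_sign(secret, digest),
                "refused": refused is None}
    finally:
        client.close()


if __name__ == "__main__":
    print(demo())
```

A hostile parent (say, one that has been exploited through the HTTP parser) can ask this child to sign digests, but it cannot read the key out, and the length check is the place where stricter policies go (rate limits, or refusing to sign anything that is not a TLS handshake transcript). With a real private key, the child should additionally drop privileges and run in its own sandbox after loading it.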
forgottenpass about 10 years ago
The case against the trendy push for "HTTPS always, no exceptions" is largely a set of corner cases everyone else is comfortable to ignore, so I'm glad someone is making it.
mike-cardwell about 10 years ago
We don&#x27;t need Varnish anymore, we have Nginx now. Does anyone here use Varnish because Nginx isn&#x27;t good enough? If so, what is Varnish better at than Nginx, and by how much?