https://www.varnish-cache.org/docs/trunk/phk/ssl.html
Read in the aftermath of Heartbleed, this is remarkably prescient.
This 2011 article contains the following passage:
There is no other way we can guarantee that secret krypto-bits do not leak anywhere they should not, than by fencing in the code that deals with them in a child process, so the bulk of varnish never gets anywhere near the certificates, not even during a core-dump.
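The separation the passage describes, as an added sketch that is not code from Varnish or from the quoted article: a forked child is the only process that ever holds the key, it turns core dumps off for itself, and the bulk process only exchanges bytes with it over a socket. The names `keyholder`, `start_keyholder`, `request_tag` and `toy_tag` are hypothetical, the key is a constructed random value, and `toy_tag` is a stand-in for a real private-key operation, not cryptography.

```c
#include <fcntl.h>
#include <stdint.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <unistd.h>

/* Stand-in for a private-key operation: FNV-1a seeded with the key. NOT real crypto. */
static uint64_t toy_tag(uint64_t h, const unsigned char *m, size_t n) {
    while (n--) { h ^= *m++; h *= 0x100000001b3ULL; }
    return h;
}
/* Child process: the only address space that ever contains the key. */
static void keyholder(int fd) {
    struct rlimit no_core = {0, 0};
    uint64_t key = 0;
    unsigned char msg[256];
    ssize_t n;
    if (setrlimit(RLIMIT_CORE, &no_core) != 0) _exit(1); /* a crash writes no core file */
    int rnd = open("/dev/urandom", O_RDONLY); /* constructed key, obtained after fork */
    if (rnd < 0 || read(rnd, &key, sizeof key) != (ssize_t)sizeof key) _exit(1);
    close(rnd);
    while ((n = read(fd, msg, sizeof msg)) > 0) {   /* one request per read */
        uint64_t tag = toy_tag(key, msg, (size_t)n);
        if (write(fd, &tag, sizeof tag) != (ssize_t)sizeof tag) break;
    }
    _exit(0);                                       /* peer closed: key dies with us */
}

/* Parent side: forks the key holder and returns the socket to it, or -1. */
int start_keyholder(void) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { close(sv[0]); keyholder(sv[1]); }
    close(sv[1]);
    return sv[0];
}

/* Bulk process: sends bytes, gets a tag back, never sees the key itself. */
int request_tag(int fd, const char *msg, uint64_t *tag) {
    size_t len = strlen(msg);
    if (len == 0 || len > 256 || write(fd, msg, len) != (ssize_t)len) return -1;
    return read(fd, tag, sizeof *tag) == (ssize_t)sizeof *tag ? 0 : -1;
}

int main(void) {
    uint64_t t;
    int fd = start_keyholder();
    return (fd >= 0 && request_tag(fd, "GET /a", &t) == 0) ? 0 : 1;
}
```

A memory over-read in the parent can expose request data but not the key, because the key was generated after the fork and exists only in the child.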