Hitch, is a scalable, open source network proxy designed to efficiently handle tens of thousands of connections on multicore machines.
Without a security layer protecting your web traffic, both you and your business are vulnerable. OpenSSL vulnerabilities are well-known, but it is neither wise nor viable to send web traffic without SSL/TLS termination.
Hitch is a scalable, open source, high performance, libev-based SSL/TLS proxy. It features support for TLS 1.0, 1.1 and 1.2 and is safe for large installations, with up to 15,000 listening sockets and 500,000 certificates. The successor of the Stud project, Hitch is faster, smaller and single-purpose, finally allowing for SSL/TLS both behind and in front of your Varnish installations.
Features and Benefits
Hitch is open source software licensed under a 2-clause BSD license. It has been tested on Linux, but is compatible with other *nixes.
- Support for TLS1.0, TLS1.1 and TLS1.2
- SNI, with and without wildcard certificates
- Support for HAproxy's PROXY protocol
- Safety for large installations with multiple listening sockets and certificates
- Support for seamless run-time configuration reloads of certificates and listen endpoints
Varnish Software also provides support for Hitch for commercial use under the current Varnish Plus product package.
Who Should Use Hitch?
SSL is the backbone of internet security, but the cost of reliable security can be prohibitive.
Varnish Software users who:
- want to protect their web traffic
- are concerned about vulnerabilities in other open source or third-party offerings
- are not in a financial position to adopt costly third-party services can benefit from using Hitch.