Varnish Total Encryption

Varnish Total Encryption™ is cache encryption that securely protects all your cached data.

Varnish Total Encryption is a feature that not only makes your cache secure but also prevents any kind of malicious or accidental cache leak caused by vulnerabilities such as Heartbleed, Cloudbleed, and Meltdown. It uses dual key AES 256 encryption to assign each and every cache object its own unique encryption key. Each request is assigned one key based on the unique fingerprint of that request, ensuring that a visitor only has access to a very specific piece of content held in the cache. No two objects are encrypted using the same key. Any kind of leaked data from cache, whether malicious or accidental, would be entirely inaccessible.

For added security Varnish Total Encryption relies on kernel memory for the storage of all cryptographic keys. No object keys are stored longer than the request lifetime and all object keys are uniquely generated from the request fingerprint.

Varnish Total Encryption is offered as a VMOD and can be tailored to customers’ specific needs.

Benefits

Encrypts cached data at rest
Uses dual key encryption to assign a unique encryption key to each cached object
Prevents malicious and accidental data leaks from cache

Who should use Varnish Total Encryption?

All companies concerned about data security should consider encrypting their cached data. Varnish Total Encryption is particularly relevant for companies subject to the PCI and General Data Protection Regulation (GDPR) as these regulations highly recommend data encryption at all levels.

- Blog post: Introducing Varnish Total Encryption
- Blog post: Using Varnish Total Encryption to secure a CDN