Hitch - scalable TLS proxy

News

2023-08-09: Hitch 1.8.0 released A couple new features and bug fixes. See the changelog for more information.

2022-09-14: Hitch 1.7.3 released Fixes build for OpenSSL 3.0. See the changelog for more information.

2021-11-29: Hitch 1.7.2 released Minor maintenance release. See the changelog for more information.

2021-04-19: Hitch 1.7.1 released Minor fixes (changelog).

2020-10-27: Hitch 1.7.0 released. This introduces support for PROXYv2 in --proxy-proxy mode, adds new command line switches for various settings, and fixes a bug relating to an imbalance in worker process load distribution, among other things. See the changelog for more information.

2020-08-31: Hitch 1.6.1 released. Fixes an issue in the PROXYv2 handling where we sometimes would transmit the wrong 'verify' status for client certificate verification. (changelog)

2020-06-25: Hitch 1.6.0 released. Introduces support for client certificate authentication along with various other fixes and improvements. (changelog)

2019-11-27: Hitch 1.5.2 released. This release contains a fix for a bug in yesterday's release that prevented us from running as a non-privileged user. (changelog)

2019-11-26: Hitch 1.5.1 released. Adds support for TCP fast open, along with various minor bug fixes.(changelog)

2018-12-17: Hitch 1.5.0 released. Support for UNIX domain sockets, TLS1.3 and a few other features. (changelog)

2018-04-19: Hitch 1.4.8 released. This release brings the changes introduced in version 1.4.7 with a few additional fixes. (changelog)

2017-06-06: Hitch 1.4.6 released. Minor build-related fix. (changelog)

2017-05-31: Hitch 1.4.5 released. Maintenance release with various bug fixes. (changelog)

2016-12-22: Hitch 1.4.4 released. Maintenance release bringing OpenSSL 1.1.0 support and a few other fixes. (changelog)

2016-11-14: Hitch 1.4.3 released. Maintenance release since 1.4.2 had a build error on FreeBSD. OCSP Stapling is now enabled by default. (changelog)

Features

• ALPN/NPN for HTTP/2
• Support for TLS1.2 and TLS1.3 and legacy TLS 1.0/1.1
• SNI, with and without wildcard certificates
• Automatic OCSP stapling support
• Client certificate authentication
• PROXY protocol to signal client IP/port to backend
• Supports UNIX domain socket connections to origin
• Safe for large installations: performant up to 15 000 listening sockets and 500 000 certificates
• Support for seamless run-time configuration reloads of certificates and listen endpoints

Hitch is open-source software released under the BSD license. It originated in the abandoned stud project, which still provide much of the architectural base of the proxy. Main platform is Linux but it should work on other unixes with libev as well.

Binary packaging of Hitch is available in many Linux distributions (debian, enterprise linux) and in FreeBSD ports. See the wiki for links.

Latest releases

Stable: hitch-1.8.0.tar.gz

Older releases can be found in the source/ folder.

Resources

• Github project page
• Documentation
• Report issues
• Wiki
• List of changes

Related links

• Varnish Cache project
• Varnish Software
• SSL terminating benchmark (2011)