A scalable TLS proxy

hitch is a network proxy that terminates TLS/SSL connections and forwards the unencrypted traffic to some backend. It’s designed to handle 10s of thousands of connections efficiently on multicore machines.

It follows a process-per-core model; a parent process spawns N children who each accept() on a common socket to distribute connected clients among them. Within each child, asynchronous socket I/O is conducted across the local connections using libev and OpenSSL‘s nonblocking API. By default, hitch has an overhead of ~200KB per connection–it preallocates some buffer space for data in flight between frontend and backend…”