From mdounin at mdounin.ru Tue Jan 26 16:31:34 2016 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 26 Jan 2016 19:31:34 +0300 Subject: [nginx-announce] nginx-1.9.10 Message-ID: <20160126163134.GP9449@mdounin.ru> Changes with nginx 1.9.10 26 Jan 2016 *) Security: invalid pointer dereference might occur during DNS server response processing if the "resolver" directive was used, allowing an attacker who is able to forge UDP packets from the DNS server to cause segmentation fault in a worker process (CVE-2016-0742). *) Security: use-after-free condition might occur during CNAME response processing if the "resolver" directive was used, allowing an attacker who is able to trigger name resolution to cause segmentation fault in a worker process, or might have potential other impact (CVE-2016-0746). *) Security: CNAME resolution was insufficiently limited if the "resolver" directive was used, allowing an attacker who is able to trigger arbitrary name resolution to cause excessive resource consumption in worker processes (CVE-2016-0747). *) Feature: the "auto" parameter of the "worker_cpu_affinity" directive. *) Bugfix: the "proxy_protocol" parameter of the "listen" directive did not work with IPv6 listen sockets. *) Bugfix: connections to upstream servers might be cached incorrectly when using the "keepalive" directive. *) Bugfix: proxying used the HTTP method of the original request after an "X-Accel-Redirect" redirection. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Tue Jan 26 16:31:51 2016 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 26 Jan 2016 19:31:51 +0300 Subject: [nginx-announce] nginx-1.8.1 Message-ID: <20160126163151.GT9449@mdounin.ru> Changes with nginx 1.8.1 26 Jan 2016 *) Security: invalid pointer dereference might occur during DNS server response processing if the "resolver" directive was used, allowing an attacker who is able to forge UDP packets from the DNS server to cause segmentation fault in a worker process (CVE-2016-0742). *) Security: use-after-free condition might occur during CNAME response processing if the "resolver" directive was used, allowing an attacker who is able to trigger name resolution to cause segmentation fault in a worker process, or might have potential other impact (CVE-2016-0746). *) Security: CNAME resolution was insufficiently limited if the "resolver" directive was used, allowing an attacker who is able to trigger arbitrary name resolution to cause excessive resource consumption in worker processes (CVE-2016-0747). *) Bugfix: the "proxy_protocol" parameter of the "listen" directive did not work if not specified in the first "listen" directive for a listen socket. *) Bugfix: nginx might fail to start on some old Linux variants; the bug had appeared in 1.7.11. *) Bugfix: a segmentation fault might occur in a worker process if the "try_files" and "alias" directives were used inside a location given by a regular expression; the bug had appeared in 1.7.1. *) Bugfix: the "try_files" directive inside a nested location given by a regular expression worked incorrectly if the "alias" directive was used in the outer location. *) Bugfix: "header already sent" alerts might appear in logs when using cache; the bug had appeared in 1.7.5. *) Bugfix: a segmentation fault might occur in a worker process if different ssl_session_cache settings were used in different virtual servers. *) Bugfix: the "expires" directive might not work when using variables. *) Bugfix: if nginx was built with the ngx_http_spdy_module it was possible to use the SPDY protocol even if the "spdy" parameter of the "listen" directive was not specified. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Tue Jan 26 16:32:17 2016 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 26 Jan 2016 19:32:17 +0300 Subject: [nginx-announce] nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747) Message-ID: <20160126163217.GX9449@mdounin.ru> Hello! Several problems in nginx resolver were identified, which might allow an attacker to cause worker process crash, or might have potential other impact: - Invalid pointer dereference might occur during DNS server response processing, allowing an attacker who is able to forge UDP packets from the DNS server to cause worker process crash (CVE-2016-0742). - Use-after-free condition might occur during CNAME response processing. This problem allows an attacker who is able to trigger name resolution to cause worker process crash, or might have potential other impact (CVE-2016-0746). - CNAME resolution was insufficiently limited, allowing an attacker who is able to trigger arbitrary name resolution to cause excessive resource consumption in worker processes (CVE-2016-0747). The problems affect nginx 0.6.18 - 1.9.9 if the "resolver" directive is used in a configuration file. The problems are fixed in nginx 1.9.10, 1.8.1. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Tue Feb 9 14:29:49 2016 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 9 Feb 2016 17:29:49 +0300 Subject: [nginx-announce] nginx-1.9.11 Message-ID: <20160209142949.GG70672@mdounin.ru> Changes with nginx 1.9.11 09 Feb 2016 *) Feature: TCP support in resolver. *) Feature: dynamic modules. *) Bugfix: the $request_length variable did not include size of request headers when using HTTP/2. *) Bugfix: in the ngx_http_v2_module. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Wed Feb 24 15:11:01 2016 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 24 Feb 2016 18:11:01 +0300 Subject: [nginx-announce] nginx-1.9.12 Message-ID: <20160224151101.GK31796@mdounin.ru> Changes with nginx 1.9.12 24 Feb 2016 *) Feature: Huffman encoding of response headers in HTTP/2. Thanks to Vlad Krasnov. *) Feature: the "worker_cpu_affinity" directive now supports more than 64 CPUs. *) Bugfix: compatibility with 3rd party C++ modules; the bug had appeared in 1.9.11. Thanks to Piotr Sikora. *) Bugfix: nginx could not be built statically with OpenSSL on Linux; the bug had appeared in 1.9.11. *) Bugfix: the "add_header ... always" directive with an empty value did not delete "Last-Modified" and "ETag" header lines from error responses. *) Workaround: "called a function you should not call" and "shutdown while in init" messages might appear in logs when using OpenSSL 1.0.2f. *) Bugfix: invalid headers might be logged incorrectly. *) Bugfix: socket leak when using HTTP/2. *) Bugfix: in the ngx_http_v2_module. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Tue Mar 29 15:32:35 2016 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 29 Mar 2016 18:32:35 +0300 Subject: [nginx-announce] nginx-1.9.13 Message-ID: <20160329153235.GO36620@mdounin.ru> Changes with nginx 1.9.13 29 Mar 2016 *) Change: non-idempotent requests (POST, LOCK, PATCH) are no longer passed to the next server by default if a request has been sent to a backend; the "non_idempotent" parameter of the "proxy_next_upstream" directive explicitly allows retrying such requests. *) Feature: the ngx_http_perl_module can be built dynamically. *) Feature: UDP support in the stream module. *) Feature: the "aio_write" directive. *) Feature: now cache manager monitors number of elements in caches and tries to avoid cache keys zone overflows. *) Bugfix: "task already active" and "second aio post" alerts might appear in logs when using the "sendfile" and "aio" directives with subrequests. *) Bugfix: "zero size buf in output" alerts might appear in logs if caching was used and a client closed a connection prematurely. *) Bugfix: connections with clients might be closed needlessly if caching was used. Thanks to Justin Li. *) Bugfix: nginx might hog CPU if the "sendfile" directive was used on Linux or Solaris and a file being sent was changed during sending. *) Bugfix: connections might hang when using the "sendfile" and "aio threads" directives. *) Bugfix: in the "proxy_pass", "fastcgi_pass", "scgi_pass", and "uwsgi_pass" directives when using variables. Thanks to Piotr Sikora. *) Bugfix: in the ngx_http_sub_filter_module. *) Bugfix: if an error occurred in a cached backend connection, the request was passed to the next server regardless of the proxy_next_upstream directive. *) Bugfix: "CreateFile() failed" errors when creating temporary files on Windows. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Tue Apr 5 15:11:32 2016 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 5 Apr 2016 18:11:32 +0300 Subject: [nginx-announce] nginx-1.9.14 Message-ID: <20160405151132.GV36620@mdounin.ru> Changes with nginx 1.9.14 05 Apr 2016 *) Feature: OpenSSL 1.1.0 compatibility. *) Feature: the "proxy_request_buffering", "fastcgi_request_buffering", "scgi_request_buffering", and "uwsgi_request_buffering" directives now work with HTTP/2. *) Bugfix: "zero size buf in output" alerts might appear in logs when using HTTP/2. *) Bugfix: the "client_max_body_size" directive might work incorrectly when using HTTP/2. *) Bugfix: of minor bugs in logging. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Tue Apr 19 16:21:25 2016 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 19 Apr 2016 19:21:25 +0300 Subject: [nginx-announce] nginx-1.9.15 Message-ID: <20160419162125.GE36620@mdounin.ru> Changes with nginx 1.9.15 19 Apr 2016 *) Bugfix: "recv() failed" errors might occur when using HHVM as a FastCGI server. *) Bugfix: when using HTTP/2 and the "limit_req" or "auth_request" directives a timeout or a "client violated flow control" error might occur while reading client request body; the bug had appeared in 1.9.14. *) Workaround: a response might not be shown by some browsers if HTTP/2 was used and client request body was not fully read; the bug had appeared in 1.9.14. *) Bugfix: connections might hang when using the "aio threads" directive. Thanks to Mindaugas Rasiukevicius. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Tue Apr 26 14:01:11 2016 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 26 Apr 2016 17:01:11 +0300 Subject: [nginx-announce] nginx-1.10.0 Message-ID: <20160426140111.GB36620@mdounin.ru> Changes with nginx 1.10.0 26 Apr 2016 *) 1.10.x stable branch. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Tue May 24 16:26:53 2016 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 24 May 2016 19:26:53 +0300 Subject: [nginx-announce] nginx-1.11.0 Message-ID: <20160524162653.GB36620@mdounin.ru> Changes with nginx 1.11.0 24 May 2016 *) Feature: the "transparent" parameter of the "proxy_bind", "fastcgi_bind", "memcached_bind", "scgi_bind", and "uwsgi_bind" directives. *) Feature: the $request_id variable. *) Feature: the "map" directive supports combinations of multiple variables as resulting values. *) Feature: now nginx checks if EPOLLRDHUP events are supported by kernel, and optimizes connection handling accordingly if the "epoll" method is used. *) Feature: the "ssl_certificate" and "ssl_certificate_key" directives can be specified multiple times to load certificates of different types (for example, RSA and ECDSA). *) Feature: the "ssl_ecdh_curve" directive now allows specifying a list of curves when using OpenSSL 1.0.2 or newer; by default a list built into OpenSSL is used. *) Change: to use DHE ciphers it is now required to specify parameters using the "ssl_dhparam" directive. *) Feature: the $proxy_protocol_port variable. *) Feature: the $realip_remote_port variable in the ngx_http_realip_module. *) Feature: the ngx_http_realip_module is now able to set the client port in addition to the address. *) Change: the "421 Misdirected Request" response now used when rejecting requests to a virtual server different from one negotiated during an SSL handshake; this improves interoperability with some HTTP/2 clients when using client certificates. *) Change: HTTP/2 clients can now start sending request body immediately; the "http2_body_preread_size" directive controls size of the buffer used before nginx will start reading client request body. *) Bugfix: cached error responses were not updated when using the "proxy_cache_bypass" directive. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Tue May 31 16:41:35 2016 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 31 May 2016 19:41:35 +0300 Subject: [nginx-announce] nginx-1.11.1 Message-ID: <20160531164135.GS36620@mdounin.ru> Changes with nginx 1.11.1 31 May 2016 *) Security: a segmentation fault might occur in a worker process while writing a specially crafted request body to a temporary file (CVE-2016-4450); the bug had appeared in 1.3.9. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Tue May 31 16:42:12 2016 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 31 May 2016 19:42:12 +0300 Subject: [nginx-announce] nginx-1.10.1 Message-ID: <20160531164212.GW36620@mdounin.ru> Changes with nginx 1.10.1 31 May 2016 *) Security: a segmentation fault might occur in a worker process while writing a specially crafted request body to a temporary file (CVE-2016-4450); the bug had appeared in 1.3.9. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Tue May 31 16:42:50 2016 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 31 May 2016 19:42:50 +0300 Subject: [nginx-announce] nginx security advisory (CVE-2016-4450) Message-ID: <20160531164250.GA36620@mdounin.ru> Hello! A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file (CVE-2016-4450). The problem affects nginx 1.3.9 - 1.11.0. The problem is fixed in nginx 1.11.1, 1.10.1. Patch for nginx 1.9.13 - 1.11.0 can be found here: http://nginx.org/download/patch.2016.write.txt Patch for older nginx versions (1.3.9 - 1.9.12): http://nginx.org/download/patch.2016.write2.txt -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Tue Jul 5 16:22:37 2016 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 5 Jul 2016 19:22:37 +0300 Subject: [nginx-announce] nginx-1.11.2 Message-ID: <20160705162237.GP30781@mdounin.ru> Changes with nginx 1.11.2 05 Jul 2016 *) Change: now nginx always uses internal MD5 and SHA1 implementations; the --with-md5 and --with-sha1 configure options were canceled. *) Feature: variables support in the stream module. *) Feature: the ngx_stream_map_module. *) Feature: the ngx_stream_return_module. *) Feature: a port can be specified in the "proxy_bind", "fastcgi_bind", "memcached_bind", "scgi_bind", and "uwsgi_bind" directives. *) Feature: now nginx uses the IP_BIND_ADDRESS_NO_PORT socket option when available. *) Bugfix: a segmentation fault might occur in a worker process when using HTTP/2 and the "proxy_request_buffering" directive. *) Bugfix: the "Content-Length" request header line was always added to requests passed to backends, including requests without body, when using HTTP/2. *) Bugfix: "http request count is zero" alerts might appear in logs when using HTTP/2. *) Bugfix: unnecessary buffering might occur when using the "sub_filter" directive; the issue had appeared in 1.9.4. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Tue Jul 26 14:11:25 2016 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 26 Jul 2016 17:11:25 +0300 Subject: [nginx-announce] nginx-1.11.3 Message-ID: <20160726141124.GD57459@mdounin.ru> Changes with nginx 1.11.3 26 Jul 2016 *) Change: now the "accept_mutex" directive is turned off by default. *) Feature: now nginx uses EPOLLEXCLUSIVE on Linux. *) Feature: the ngx_stream_geo_module. *) Feature: the ngx_stream_geoip_module. *) Feature: the ngx_stream_split_clients_module. *) Feature: variables support in the "proxy_pass" and "proxy_ssl_name" directives in the stream module. *) Bugfix: socket leak when using HTTP/2. *) Bugfix: in configure tests. Thanks to Piotr Sikora. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Tue Sep 13 15:51:11 2016 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 13 Sep 2016 18:51:11 +0300 Subject: [nginx-announce] nginx-1.11.4 Message-ID: <20160913155111.GP1527@mdounin.ru> Changes with nginx 1.11.4 13 Sep 2016 *) Feature: the $upstream_bytes_received variable. *) Feature: the $bytes_received, $session_time, $protocol, $status, $upstream_addr, $upstream_bytes_sent, $upstream_bytes_received, $upstream_connect_time, $upstream_first_byte_time, and $upstream_session_time variables in the stream module. *) Feature: the ngx_stream_log_module. *) Feature: the "proxy_protocol" parameter of the "listen" directive, the $proxy_protocol_addr and $proxy_protocol_port variables in the stream module. *) Feature: the ngx_stream_realip_module. *) Bugfix: nginx could not be built with the stream module and the ngx_http_ssl_module, but without ngx_stream_ssl_module; the bug had appeared in 1.11.3. *) Feature: the IP_BIND_ADDRESS_NO_PORT socket option was not used; the bug had appeared in 1.11.2. *) Bugfix: in the "ranges" parameter of the "geo" directive. *) Bugfix: an incorrect response might be returned when using the "aio threads" and "sendfile" directives; the bug had appeared in 1.9.13. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Tue Oct 11 15:32:40 2016 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 11 Oct 2016 18:32:40 +0300 Subject: [nginx-announce] nginx-1.11.5 Message-ID: <20161011153240.GD73038@mdounin.ru> Changes with nginx 1.11.5 11 Oct 2016 *) Change: the --with-ipv6 configure option was removed, now IPv6 support is configured automatically. *) Change: now if there are no available servers in an upstream, nginx will not reset number of failures of all servers as it previously did, but will wait for fail_timeout to expire. *) Feature: the ngx_stream_ssl_preread_module. *) Feature: the "server" directive in the "upstream" context supports the "max_conns" parameter. *) Feature: the --with-compat configure option. *) Feature: "manager_files", "manager_threshold", and "manager_sleep" parameters of the "proxy_cache_path", "fastcgi_cache_path", "scgi_cache_path", and "uwsgi_cache_path" directives. *) Bugfix: flags passed by the --with-ld-opt configure option were not used while building perl module. *) Bugfix: in the "add_after_body" directive when used with the "sub_filter" directive. *) Bugfix: in the $realip_remote_addr variable. *) Bugfix: the "dav_access", "proxy_store_access", "fastcgi_store_access", "scgi_store_access", and "uwsgi_store_access" directives ignored permissions specified for user. *) Bugfix: unix domain listen sockets might not be inherited during binary upgrade on Linux. *) Bugfix: nginx returned the 400 response on requests with the "-" character in the HTTP method. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Tue Oct 18 15:34:08 2016 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 18 Oct 2016 18:34:08 +0300 Subject: [nginx-announce] nginx-1.10.2 Message-ID: <20161018153408.GK73038@mdounin.ru> Changes with nginx 1.10.2 18 Oct 2016 *) Change: the "421 Misdirected Request" response now used when rejecting requests to a virtual server different from one negotiated during an SSL handshake; this improves interoperability with some HTTP/2 clients when using client certificates. *) Change: HTTP/2 clients can now start sending request body immediately; the "http2_body_preread_size" directive controls size of the buffer used before nginx will start reading client request body. *) Bugfix: a segmentation fault might occur in a worker process when using HTTP/2 and the "proxy_request_buffering" directive. *) Bugfix: the "Content-Length" request header line was always added to requests passed to backends, including requests without body, when using HTTP/2. *) Bugfix: "http request count is zero" alerts might appear in logs when using HTTP/2. *) Bugfix: unnecessary buffering might occur when using the "sub_filter" directive; the issue had appeared in 1.9.4. *) Bugfix: socket leak when using HTTP/2. *) Bugfix: an incorrect response might be returned when using the "aio threads" and "sendfile" directives; the bug had appeared in 1.9.13. *) Workaround: OpenSSL 1.1.0 compatibility. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Tue Nov 15 15:24:11 2016 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 15 Nov 2016 18:24:11 +0300 Subject: [nginx-announce] nginx-1.11.6 Message-ID: <20161115152410.GN8196@mdounin.ru> Changes with nginx 1.11.6 15 Nov 2016 *) Change: format of the $ssl_client_s_dn and $ssl_client_i_dn variables has been changed to follow RFC 2253 (RFC 4514); values in the old format are available in the $ssl_client_s_dn_legacy and $ssl_client_i_dn_legacy variables. *) Change: when storing temporary files in a cache directory they will be stored in the same subdirectories as corresponding cache files instead of a separate subdirectory for temporary files. *) Feature: EXTERNAL authentication mechanism support in mail proxy. Thanks to Robert Norris. *) Feature: WebP support in the ngx_http_image_filter_module. *) Feature: variables support in the "proxy_method" directive. Thanks to Dmitry Lazurkin. *) Feature: the "http2_max_requests" directive in the ngx_http_v2_module. *) Feature: the "proxy_cache_max_range_offset", "fastcgi_cache_max_range_offset", "scgi_cache_max_range_offset", and "uwsgi_cache_max_range_offset" directives. *) Bugfix: graceful shutdown of old worker processes might require infinite time when using HTTP/2. *) Bugfix: in the ngx_http_mp4_module. *) Bugfix: "ignore long locked inactive cache entry" alerts might appear in logs when proxying WebSocket connections with caching enabled. *) Bugfix: nginx did not write anything to log and returned a response with code 502 instead of 504 when a timeout occurred during an SSL handshake to a backend. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Tue Dec 13 15:33:29 2016 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 13 Dec 2016 18:33:29 +0300 Subject: [nginx-announce] nginx-1.11.7 Message-ID: <20161213153328.GZ18639@mdounin.ru> Changes with nginx 1.11.7 13 Dec 2016 *) Change: now in case of a client certificate verification error the $ssl_client_verify variable contains a string with the failure reason, for example, "FAILED:certificate has expired". *) Feature: the $ssl_ciphers, $ssl_curves, $ssl_client_v_start, $ssl_client_v_end, and $ssl_client_v_remain variables. *) Feature: the "volatile" parameter of the "map" directive. *) Bugfix: dependencies specified for a module were ignored while building dynamic modules. *) Bugfix: when using HTTP/2 and the "limit_req" or "auth_request" directives client request body might be corrupted; the bug had appeared in 1.11.0. *) Bugfix: a segmentation fault might occur in a worker process when using HTTP/2; the bug had appeared in 1.11.3. *) Bugfix: in the ngx_http_mp4_module. Thanks to Congcong Hu. *) Bugfix: in the ngx_http_perl_module. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Tue Dec 27 14:40:04 2016 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 27 Dec 2016 17:40:04 +0300 Subject: [nginx-announce] nginx-1.11.8 Message-ID: <20161227144004.GX18639@mdounin.ru> Changes with nginx 1.11.8 27 Dec 2016 *) Feature: the "absolute_redirect" directive. *) Feature: the "escape" parameter of the "log_format" directive. *) Feature: client SSL certificates verification in the stream module. *) Feature: the "ssl_session_ticket_key" directive supports AES256 encryption of TLS session tickets when used with 80-byte keys. *) Feature: vim-commentary support in vim scripts. Thanks to Armin Grodon. *) Bugfix: recursion when evaluating variables was not limited. *) Bugfix: in the ngx_stream_ssl_preread_module. *) Bugfix: if a server in an upstream in the stream module failed, it was considered alive only when a test connection sent to it after fail_timeout was closed; now a successfully established connection is enough. *) Bugfix: nginx/Windows could not be built with 64-bit Visual Studio. *) Bugfix: nginx/Windows could not be built with OpenSSL 1.1.0. -- Maxim Dounin http://nginx.org/