nginx 1.25.2 changes draft

Sergey Kandaurov pluknet at nginx.com
Tue Aug 15 16:49:55 UTC 2023 

> On 15 Aug 2023, at 20:44, Maxim Dounin <mdounin at mdounin.ru> wrote:
> 
> Hello!
> 
> On Tue, Aug 15, 2023 at 07:48:05PM +0400, Sergey Kandaurov wrote:
> 
>> 
>>> On 15 Aug 2023, at 19:32, Maxim Dounin <mdounin at mdounin.ru> wrote:
>>> 
>>> Hello!
>>> 
>>> 
>>> Changes with nginx 1.25.2                                        15 Aug 2023
>>> 
>>>   *) Feature: path MTU discovery when using HTTP/3.
>>> 
>>>   *) Change: now nginx uses appname "nginx" when loading OpenSSL
>>>      configuration.
>>> 
>>>   *) Change: now nginx does not try to load OpenSSL configuration if the
>>>      --with-openssl option was used to built OpenSSL and the OPENSSL_CONF
>>>      environment variable is not set.
>>> 
>>>   *) Bugfix: in the $body_bytes_sent variable when using HTTP/3.
>>> 
>> 
>> There were bugfixes in QUIC, which may deserve a separate line.
> 
> Added "Bugfix: in HTTP/3" to cover anything not specifically 
> mentioned, thnx.
> 
>> Also I'd add TLS_AES_128_CCM_SHA256 cipher suite support in QUIC,
>> and a switch to using AEAD-encrypted QUIC address validation tokens,
>> which essentially provides now authenticated encryption.
> 
> Agreed about TLS_AES_128_CCM_SHA256, added.
> 
> Not sure AEAD worth mentioning though, it's more an internal 
> change hardly visible to users.

Agreed, thanks.

> 
> Updated:
> 
> 
> Changes with nginx 1.25.2                                        15 Aug 2023
> 
>    *) Feature: path MTU discovery when using HTTP/3.
> 
>    *) Feature: TLS_AES_128_CCM_SHA256 cipher suite support when using
>       HTTP/3.
> 
>    *) Change: now nginx uses appname "nginx" when loading OpenSSL
>       configuration.
> 
>    *) Change: now nginx does not try to load OpenSSL configuration if the
>       --with-openssl option was used to built OpenSSL and the OPENSSL_CONF
>       environment variable is not set.
> 
>    *) Bugfix: in the $body_bytes_sent variable when using HTTP/3.
> 
>    *) Bugfix: in HTTP/3.
> 
> 
> Изменения в nginx 1.25.2                                          15.08.2023
> 
>    *) Добавление: path MTU discovery при использовании HTTP/3.
> 
>    *) Добавление: поддержка шифра TLS_AES_128_CCM_SHA256 при использовании
>       HTTP/3.
> 
>    *) Изменение: теперь при загрузке конфигурации OpenSSL nginx использует
>       appname "nginx".
> 
>    *) Изменение: теперь nginx не пытается загружать конфигурацию OpenSSL,
>       если для сборки OpenSSL использовался параметр --with-openssl и
>       переменная окружения OPENSSL_CONF не установлена.
> 
>    *) Исправление: в переменной $body_bytes_sent при использовании HTTP/3.
> 
>    *) Исправление: в HTTP/3.
> 

Looks good.

-- 
Sergey Kandaurov

More information about the nginx-devel mailing list