ngtcp2 1.13.0, nghttp3 1.10.1 rpms released and added to all supported platforms.
All the libraries stack rebuilt with OpenSSL 3.5.0, including ngtcp2 (quic client name changed from qtlsclient to osslclient).
Author: Alexander Gerasimov
OpenSSL 3.5.0 with official QUIC server support rpms released
openssl 3.5.0 rpms released and added to all supported platforms.
OpenSSL 3.5.0 is a major release featuring QUIC server support.
We continue to build libs with quic support as a separate non-conflicting package openssl-quic-libs, files have separate .so.81.3 suffix to avoid conflicts with the official .so.3.
All the libraries stack rebuilt with OpenSSL 3.5.0, including ngtcp2 (quic client name changed from qtlsclient to osslclient).
NGINX 1.29.0 Mainline with Brotli, TLS 1.3, OpenSSL 3.5.0, HTTP/2 and HTTP/3 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9/EL10
nginx 1.29.0 Mainline with HTTP/3 support added to EL7, EL8, EL9, EL10 repositories. brotli compression module from Google, http2, ngx cache purge and ngx http geoip2 modules added or built-in. OpenSSL built dynamically using official OpenSSL 3.5.0 with QUIC support.
Our OpenSSL 3.5.0 builds break compatibility with nginx 1.28.x and earlier versions, as they are compiled against quictls project with their own APIs. Thus, to upgrade OpenSSL QUIC libs, please use nginx >= 1.29.0.
*) Feature: support for response code 103 from proxy and gRPC backends; the “early_hints” directive.
*) Feature: loading of secret keys from hardware tokens with OpenSSL provider.
*) Feature: support for the “so_keepalive” parameter of the “listen” directive on macOS.
*) Change: the logging level of SSL errors in a QUIC handshake has been changed from “error” to “crit” for critical errors, and to “info” for the rest; the logging level of unsupported QUIC transport parameters has been lowered from “info” to “debug”.
*) Change: the native nginx/Windows binary release is now built using Windows SDK 10.
*) Bugfix: nginx could not be built by gcc 15 if ngx_http_v2_module or ngx_http_v3_module modules were used.
*) Bugfix: nginx might not be built by gcc 14 or newer with -O3 -flto optimization if ngx_http_v3_module was used.
*) Bugfixes and improvements in HTTP/3.
OpenSSL 3.5.0 in testing
We are tesing OpenSSL 3.5.0 and corresponding builds of ngtcp2, nghttp3, nghttp2, nginx against OpenSSL 3.5.0.
When it will be ready, the plan is to replace quictls (that is poorly supported and marked as abandoned in April 2025) with OpenSSL 3.5.0.
For now, mod_http2 can be built fine, but as soon as we will have conflicts with nginx. Currently, nginx has patches in its dev branch to support OpenSSL 3.5.x and use HTTP/3 from it. Thus, we are waiting for next nginx release to switch from quictls to OpenSSL.
The change will look as follows. Package name will not change (openssl-quic-libs), version will be 3.5.0 (instead of 3.2.x), .so version will remain 81.3. SO API is completely new, so requirements section will be explicitly set to openssl-quic-libs >= 3.5.0.
Please feel free to test (in CodeIT-testing repo) and comment 🙂
mod_http2 v2.0.32 rpms released
mod_http2 v2.0.32 rpms released and added to all supported platforms.
Changes:
- The connection window size was set wrong, preventing H2WindowSize to work.
NGINX 1.28.0 Stable with Brotli, TLS 1.3, OpenSSL 3.0.16, HTTP/2 and HTTP/3 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9
nginx 1.28.0 Stable with HTTP/3 support added to EL7, EL8, EL9 repositories. brotli compression module from Google, http2, ngx cache purge and ngx http geoip2 modules added or built-in. OpenSSL built dynamically using OpenSSL+QUIC 3.0.16.
Incorporating new features and bug fixes from the 1.27.x mainline branch — including memory usage and CPU usage optimizations in complex SSL configurations, automatic re‑resolution of hostnames in upstream groups, performance enhancements in QUIC, OCSP validation of client SSL certificates and OCSP stapling support in the stream module, variables support in the proxy_limit_rate, fastcgi_limit_rate, scgi_limit_rate, and uwsgi_limit_rate directives, the proxy_pass_trailers directive, and more.
NGINX 1.27.5 Mainline with Brotli, TLS 1.3, OpenSSL 3.0.16, HTTP/2 and HTTP/3 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9
nginx 1.27.5 Mainline with HTTP/3 support added to EL7, EL8, EL9 repositories. brotli compression module from Google, http2, ngx cache purge and ngx http geoip2 modules added or built-in. OpenSSL built dynamically using OpenSSL+QUIC 3.0.16.
Featuring CUBIC congestion control in QUIC connections and bugfixes in ssl_curves and ssl password files; Performance improvements and bugfixes in HTTP/3
ngtcp2 1.12.0, nghttp3 1.9.0 rpms released
ngtcp2 1.12.0, nghttp3 1.9.0 rpms released and added to all supported platforms
mod_http2 v2.0.31 rpms released
mod_http2 v2.0.31 rpms released and added to all supported platforms.
Changes:
- mod_proxy_http2: revert r1912193 for detecting broken backend connection as this interferes with backend selection who a node is unresponsive. PR69624.
- Fix issue with handling 304 responses from mod_cache. PR69580.
httpd mod_http2 v2.0.30 rpms released
mod_http2 v2.0.30 rpms released and added to all supported platforms.
Changes:
- Fixed bug in handling over long response headers. When the 64 KB limit
of nghttp2 was exceeded, the request was not reset and the client was
left hanging, waiting for it. Now the stream is reset. - Added new directive
H2MaxHeaderBlockLento set the limit on response
header sizes. - Fixed handling of Timeout vs. KeepAliveTimeout when first request on a
connection was reset.