nghttp2 1.62.1 released

nghttp2 1.62.1 rpms released and added to EL7, EL8 and EL9 platforms.

Please also note that since 1.61.0 we build nghttp2 for EL7 and EL8 with patches that allow c-ares 1.10 to be used, because c-ares 1.16 is otherwise the minimum supported version.

nghttp2 requires C++20 and is built with GCC 13 on EL8 and EL9.

UPD. EL7 platform is built with clang 15.

nghttp2 1.62.0 released

nghttp2 1.62.0 rpms released and added to EL8 and EL9 platforms.

The EL7 platform is excluded, as GCC 13 is the minimum supported version.

Please also note that since 1.61.0 we build nghttp2 for EL7 and EL8 with patches that allow c-ares 1.10 to be used, because c-ares 1.16 is otherwise the minimum supported version.

nghttp2 requires C++20 and is built with GCC 13 on EL8 and EL9.

NGINX 1.26.0 Stable with Brotli, TLS 1.3, OpenSSL 3.0.13, HTTP/2 and HTTP/3 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9

1.26.0 Stable with HTTP/3 support added to EL7, EL8, EL9 repositories. brotli compression module from Google, http2, ngx cache purge and ngx http geoip2 modules added or built-in. OpenSSL built dynamically using OpenSSL+QUIC 3.0.13.

NGINX 1.25.5 Mainline with Brotli, TLS 1.3, OpenSSL 3.0.13, HTTP/2 and HTTP/3 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9

NGINX 1.25.5 mainline with HTTP/3 support added to EL7, EL8, EL9 repositories. brotli compression module from Google, http2, ngx cache purge and ngx http geoip2 modules added or built-in. OpenSSL built dynamically using OpenSSL+QUIC 3.0.13.

Apache httpd 2.4.59 with brotli support, TLS 1.3, OpenSSL 3.0.13 with http2, mod_http2 2.0.27 and ALPN for Red Hat Enterprise Linux 7/8/9, CentOS 7, Alma Linux 8/9, Rocky Linux 8/9

Apache httpd 2.4.59-1 with the brotli compression library from Google, TLS 1.3 and http2 (HTTP/2) support for Red Hat Enterprise Linux and CentOS 7/8, Alma Linux 8/9 and Rocky Linux 8/9 has been added to the repository. mod_http2 2.0.13 and mod_ssl are built dynamically against OpenSSL 3.0.11.

Important fix: CVE-2024-27316.

We have built OpenSSL+QUIC 3.0.11 separately since v2.4.56-2, installing it to /lib64 with a .so.81.3 suffix to ensure it won’t interfere with your system libraries. You can safely delete openssl111* packages.

On EL8 and EL9 please enable the httpd module:

dnf module enable httpd:codeit

We added the brotli compression library in 2.4.33. Since the 2.4.35 release we have been building Apache httpd against OpenSSL 1.1.1*. Since the 2.4.37 release the final version of TLS 1.3 (not to be confused with any draft versions) is supported and enabled by default. Please note that the final version of TLS 1.3 is supported in Chrome 70+ and Mozilla Firefox 63+.

brotli support is already included in the base RPM file. All you need is to add filters like:

AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript

nghttp2 1.61.0 released fixing CVE-2024-28182

nghttp2 1.61.0 rpms released and added to all platforms.

UPD. EL7 and EL8 also updated with the added patch reverting migrate-to-ares_getaddrinfo changes.

Fixes CVE-2024-28182
nghttpx: Shutdown h3 stream read with trailer as well by @tatsuhiro-t in #2087
Checkout with submodules by @jonaski in #2093
Respect BUILD_STATIC_LIBS and add option for tests by @jonaski in #2092
build(deps): bump golang.org/x/net from 0.21.0 to 0.22.0 by @dependabot in #2097
Workaround llvm issue on github ubuntu runner by @tatsuhiro-t in #2098
docker: Use copy --link by @tatsuhiro-t in #2099
Nghttpx header idle timeout by @tatsuhiro-t in #2100
nghttpx: Fix frontend-header-timeout does not work in config file by @tatsuhiro-t in #2101
Rewrite hexdump by @tatsuhiro-t in #2102
Switch to distroless/base-nossl by @tatsuhiro-t in #2103
Bump ngtcp2 by @tatsuhiro-t in #2105
nghttpx: Simplify quic connection close handling by @tatsuhiro-t in #2106
build(deps): bump github.com/quic-go/quic-go from 0.41.0 to 0.42.0 by @dependabot in #2107
autotools: Use tar-ustar automake option by @tatsuhiro-t in #2108
Automate release process by @tatsuhiro-t in #2109
autotools: Switch to tar-pax by @tatsuhiro-t in #2110
nghttpx: Drop a UDP datagram from well-known port by @tatsuhiro-t in #2111
nghttpx: Fix port byte order by @tatsuhiro-t in #2112
h2load: Allow host header to be overridden by @tatsuhiro-t in #2113
nghttpx: Rework QUIC stateless reset packet size by @tatsuhiro-t in #2114
nghttpx: More QUIC prohibited ports by @tatsuhiro-t in #2115
Add actions/stale by @tatsuhiro-t in #2116
nghttpx: Discard UDP datagram that is too short to be a valid QUIC packet by @tatsuhiro-t in #2117
nghttp: Support SSLKEYLOGFILE by @tatsuhiro-t in #2119
No rfc7540 priority fix by @tatsuhiro-t in #2120
Further reduce Stateless reset emission by @tatsuhiro-t in #2122
nghttpx: Rework Connection ID construction by @tatsuhiro-t in #2124
Nghttpx faster worker lookup by @tatsuhiro-t in #2125
nghttpx: Split thread into worker_process and thread by @tatsuhiro-t in #2126
bpf: Drop bad QUIC packet by @tatsuhiro-t in #2127
cmake: check SSL_provide_quic_data when ENABLE_HTTP3 is ON by @jimmy-park in #2128
nghttpx: Allocate 3 bits for QUIC configuration in Connection ID by @tatsuhiro-t in #2129
nghttpx: Migrate to ares_getaddrinfo by @tatsuhiro-t in #2132
Bump munit by @tatsuhiro-t in #2131
nghttpx: Fix error message by @tatsuhiro-t in #2133
nghttpd: Fix read stall by @tatsuhiro-t in #2134

nghttp2 1.60.0 released

nghttp2 1.60.0 rpms released and added to all supported platforms

makerelease.sh: Speed up git submodule by @tatsuhiro-t in #2043
Speed up git clone by @tatsuhiro-t in #2044
build(deps): bump actions/cache from 3 to 4 by @dependabot in #2046
Fixing the build and install trees by @anthonyalayo in #2051
build(deps): bump microsoft/setup-msbuild from 1 to 2 by @dependabot in #2052
nghttpx: Set ocsp response to SSL in case of boringssl by @tatsuhiro-t in #2055
Run with python3 by @tatsuhiro-t in #2054
src: Certificate Compression with boringssl by @tatsuhiro-t in #2056
Fix missing newline by @tatsuhiro-t in #2057
Switch to aws lc by @tatsuhiro-t in #2058
Libbrotli fixup by @tatsuhiro-t in #2059
Deprecate RFC 7540 priorities (aka stream dependencies) by @tatsuhiro-t in #2060
Let dependabot manage go modules by @tatsuhiro-t in #2061
build(deps): bump golang.org/x/net from 0.20.0 to 0.21.0 by @dependabot in #2062
integration-tests: Omit unused parameters by @tatsuhiro-t in #2065
Munit by @tatsuhiro-t in #2064
Introduce nghttp2_ssize API by @tatsuhiro-t in #2066
Move deprecated warning upfront by @tatsuhiro-t in #2067
Describe RFC 7540 priorities deprecation plan by @tatsuhiro-t in #2068
Apps migrate nghttp2 ssize by @tatsuhiro-t in #2069
src: Remove unused functions by @tatsuhiro-t in #2070
Reconsider ssize t usage in src by @tatsuhiro-t in #2071
Use GitHub private vulnerability reporting by @tatsuhiro-t in #2072
Move security policy to GitHub standard location by @tatsuhiro-t in #2073
Bump mruby to 3.3.0 by @tatsuhiro-t in #2074
Bump llhttp to 48588093ca4219b5f689acfc9ebea9e4c8c37663 by @tatsuhiro-t in #2075
h2load: Add --sni option by @tatsuhiro-t in #2076
Bump ngtcp2 dependencies by @tatsuhiro-t in #2077
mruby: Adopt deprecation of mrbc_ prefix by @tatsuhiro-t in #2078
neverbleed: Define _GNU_SOURCE for pthread_setaffinity_np by @tatsuhiro-t in #2079
bpf: Pre-expand aes key by @tatsuhiro-t in #2080
mruby: Exclude mrdb gem which causes nghttpx to crash by @tatsuhiro-t in #2081
nghttpx: Reuse EVP_CIPHER_CTX for QUIC connection ID encryption by @tatsuhiro-t in #2082
Run apt-get update before install by @tatsuhiro-t in #2083
src: Deal with the case that send_quantum < max_udp_payload_size by @tatsuhiro-t in #2084
nghttpx: Remove SHRPX_QUIC_MAX_UDP_PAYLOAD_SIZE by @tatsuhiro-t in #2085
Fix build when AI_NUMERICSERV is undefined by @barracuda156 in #2086

NGINX 1.25.4 Mainline with Brotli, TLS 1.3, OpenSSL 3.0.13, HTTP/2 and HTTP/3 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9

NGINX 1.25.4 mainline with HTTP/3 support added to EL7, EL8, EL9 repositories. brotli compression module from Google, http2, ngx cache purge and ngx http geoip2 modules added or built-in. OpenSSL built dynamically using OpenSSL+QUIC 3.0.12.

Major changes:

  • fixes for vulnerabilities in HTTP/3 (CVE-2024-24989, CVE-2024-24990)

RHEL 7 / CentOS 7:

yum upgrade -y codeit-repo-release
yum-config-manager --enable CodeIT-mainline --save
yum install nginx

RHEL 8-9 / Alma Linux 8-9 / Rocky Linux 8-9 / CentOS 8-9 / Other EL8/EL9:

Repos are modular now. To install nginx with HTTP/3 support, you need to enable the appropriate stream:

dnf module reset -y nginx
dnf module enable -y nginx:codeit-mainline
dnf install nginx

We build OpenSSL+QUIC 3.0 separately since v1.21.6, installing it separately to /lib64 with .so.81.3 suffix to ensure it won’t interfere with your system libraries.

Experimental HTTP/3 support was added in NGINX 1.25.0 Mainline. We build it with the corresponding module (--with-http_v3_module).

ngtcp2 1.2.0, nghttp2 1.59.0 released

ngtcp2 1.2.0, nghttp2 1.59.0 rpms released and added to all supported platforms

ngtcp2 1.2.0:
cmake: Require nghttp3 >= v1.0.0 by @tatsuhiro-t in #1026
examples: Clarify stream limits by @tatsuhiro-t in #1032
Bump actions/stale from 8 to 9 by @dependabot in #1033
Avoid detecting OpenSSL 3.2 as quictls by @tatsuhiro-t in #1035
Clarify the behavior when a stream is not found by @tatsuhiro-t in #1036
Do not recognize boringssl as quictls by @tatsuhiro-t in #1038
Bump github/codeql-action from 2 to 3 by @dependabot in #1037
docker: Switch to bsslclient and bsslserver by @tatsuhiro-t in #1039
interop: Switch to wolfssl by @tatsuhiro-t in #1040
Revert “docker: Switch to bsslclient and bsslserver” by @tatsuhiro-t in #1041
docker: Switch to wolfssl by @tatsuhiro-t in #1042
Use wolfSSL in a README example by @tatsuhiro-t in #1043
Add aws-lc as BoringSSL alternative by @tatsuhiro-t in #1044
wolfSSL: Disable deprecated signature algorithms by @tatsuhiro-t in #1046
Remove use of SSL_set_quic_transport_version by @tatsuhiro-t in #1047
examples: Build with libressl by @tatsuhiro-t in #1048
Fix zero len file by @tatsuhiro-t in #1049
Assert that _BitScanReverse64 never fail by @tatsuhiro-t in #1051
Revert “wolfSSL: Disable deprecated signature algorithms” by @tatsuhiro-t in #1052
wolfssl: Enable --enable-keylog-export by @tatsuhiro-t in #1053
h09client: Fix display ecn bits by @tatsuhiro-t in #1054
Bump wolfSSL to v5.6.6-stable by @tatsuhiro-t in #1055
ngtcp2_pkt_adjust_pkt_num: Take bytes rather than bits by @tatsuhiro-t in #1056
Initial and Handshake packets are immediately acknowledged by @tatsuhiro-t in #1057
Refactor by @tatsuhiro-t in #1058
examples: Print remote HTTP/3 settings by @tatsuhiro-t in #1059
Fix assertion failure on immediate migration by @tatsuhiro-t in #1060
Add ngtcp2_window_filter tests by @tatsuhiro-t in #1061
Fix gcc-13 warning by @tatsuhiro-t in #1062
Fix persistent congestion by @tatsuhiro-t in #1064
Port missing changes to h09server by @tatsuhiro-t in #1065
Fix typo by @tatsuhiro-t in #1066
Update docker by @tatsuhiro-t in #1067
Fix docker build-arg by @tatsuhiro-t in #1069
Revert “Send RESET_STREAM if stream is reset by client” by @tatsuhiro-t in #1071
Return early when STOP_SENDING is received more than once by @tatsuhiro-t in #1072
Do not send STOP_SENDING if RESET_STREAM has been received by @tatsuhiro-t in #1073
Update doc by @tatsuhiro-t in #1074
wolfssl: Just use QUIC v1 transport parameter codepoint by @tatsuhiro-t in #1075
wolfssl: Disable ECH by @tatsuhiro-t in #1076
Bump boringssl by @tatsuhiro-t in #1077
Bump picotls by @tatsuhiro-t in #1078
Remove sample_offset field from ngtcp2_ppe by @tatsuhiro-t in #1079
ci: Build and verify aws-lc flavored builds by @tatsuhiro-t in #1080
Update boringssl build procedure by @tatsuhiro-t in #1081
Bump aws-lc to v1.20.0 by @tatsuhiro-t in #1082
Update doc by @tatsuhiro-t in #1083

nghttp2 1.59.0:
Bump clang to 15 by @tatsuhiro-t in #1986
Bump clang format by @tatsuhiro-t in #1987
Bump quictls to 3.1.4+quic by @tatsuhiro-t in #1988
Update ax_cxx_compile_stdcxx.m4 by @tatsuhiro-t in #1989
nghttpx: Prefer FILE_NAME if defined by @tatsuhiro-t in #1990
Add API to get and parse RFC 9218 priority by @tatsuhiro-t in #1991
nghttpx: Propagate stream priority from backend to frontend by @tatsuhiro-t in #1992
Check whether CLOCK_MONOTONIC is declared by @tatsuhiro-t in #1995
Bump go packages by @tatsuhiro-t in #2001
cmake: Remove itprep target by @tatsuhiro-t in #2002
h2load: Fix IPv6 address in :authority by @tatsuhiro-t in #2000
Bump ngtcp2 and nghttp3 by @tatsuhiro-t in #2006
Bump libbpf to v1.3.0 by @tatsuhiro-t in #2007
Use nghttp3_pri_parse_priority added since nghttp3 v1.1.0 by @tatsuhiro-t in #2008
cmake: Set minimum quic package versions by @tatsuhiro-t in #2009
Use #include instead of #include by @hrxi in #1997
build(deps): bump actions/setup-go from 4 to 5 by @dependabot in #2010
cmake: bring back ENABLE_STATIC_CRT by @bwncp in #2011
Avoid detecting OpenSSL 3.2 as quictls by @tatsuhiro-t in #2012
build(deps): bump golang.org/x/crypto from 0.15.0 to 0.17.0 by @dependabot in #2015
build(deps): bump actions/upload-artifact from 3 to 4 by @dependabot in #2014
src: Support building with aws-lc by @tatsuhiro-t in #2013
boringssl has SSL_CTX_set1_groups_list by @tatsuhiro-t in #2016
Drop old OpenSSL support by @tatsuhiro-t in #2017
Drop old OpenSSL support part 2 by @tatsuhiro-t in #2019
Remove NPN by @tatsuhiro-t in #2020
Remove end_to_end.py by @tatsuhiro-t in #2021
cmake: Require OpenSSL >= 1.1.1 by @tatsuhiro-t in #2022
nghttpx: OpenSSL needs SSL_CTX_set_recv_max_early_data by @tatsuhiro-t in #2023
App fix by @tatsuhiro-t in #2024
nghttpx: Remove a trailing whitespace by @tatsuhiro-t in #2025
H2load header ttfb fix by @tatsuhiro-t in #2026
Not finding packages when ENABLE_LIB_ONLY is set by @anthonyalayo in #2027
Have less stuff in config.h by @hrxi in #1996
Update minimum CMake version to 3.5 by @anthonyalayo in #2030
build(deps): bump github.com/quic-go/quic-go from 0.35.1 to 0.37.7 by @dependabot in #2032
Fix typo by @tatsuhiro-t in #2033
Specify DEBIAN_FRONTEND=noninteractive by @tatsuhiro-t in #2034
Revert “nghttpx: Shutdown h3 stream write if reset by a remote endpoint” by @tatsuhiro-t in #2036
ci: Add aws-lc builds by @tatsuhiro-t in #2037
Bump go modules by @tatsuhiro-t in #2038
Bump neverbleed by @tatsuhiro-t in #2039
Bump go-nghttp2 and go mod tidy by @tatsuhiro-t in #2040
Bump ngtcp2 to v1.2.0 by @tatsuhiro-t in #2041
src: Avoid copies by @tatsuhiro-t in #2042