http3 — CodeIT Technical blog

NGINX 1.29.2 Mainline with Brotli, TLS 1.3, OpenSSL 3.5.1, HTTP/2 and HTTP/3 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9/EL10

nginx 1.29.2 Mainline with HTTP/3 support added to EL7, EL8, EL9, EL10 repositories. brotli compression module from Google, http2, ngx cache purge and ngx http geoip2 modules added or built-in. OpenSSL built dynamically using official OpenSSL 3.5.1 with QUIC support.

Our OpenSSL 3.5.1 builds break compatibility with nginx 1.28.x and earlier versions, as they are compiled against quictls project with their own APIs. Thus, to upgrade OpenSSL QUIC libs, please use nginx >= 1.29.0.

Added a previously missed changes entry in 1.29.1 relnotes. by @pluknet in #844
Removed legacy charset directive from default config example. by @MohamedKarrab in #829
QUIC: fixed ssl_reject_handshake error handling. by @pluknet in #889
Updated link to xslscript. by @pluknet in #854
Fixed inaccurate index directive error report by @willmafh in #881
SNI: using ClientHello callback. by @pluknet in #562
AWS-LC support changes by @pluknet in #848
Upstream: overflow detection in Cache-Control delta-seconds. by @pluknet in #898
Mail: xtext encoding (RFC 3461) in XCLIENT LOGIN. by @pluknet in #893
SSL: fixed «key values mismatch» with object cache inheritance. by @pluknet in #740
nginx-1.29.2 changes by @pluknet in #919

ngtcp2 1.16.0, nghttp3 1.12.0 rpms released

ngtcp2 1.16.0, nghttp3 1.12.0 rpms released and added to all supported platforms.

All the libraries stack built with OpenSSL 3.5.1, including ngtcp2 (quic client name changed from qtlsclient to osslclient).

Delivery of ngtcp2 for EL9 delayed because of build errors, other platforms received packages on 24.09.2025.

ngtcp2 1.15.1 skipped

ngtcp2 1.15.1 is skipped because the only fix is libressl specific header file installation

ngtcp2 1.15.0 rpms released

ngtcp2 1.15.0 rpms released and added to all supported platforms.

NGINX 1.29.1 Mainline with Brotli, TLS 1.3, OpenSSL 3.5.1, HTTP/2 and HTTP/3 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9/EL10

nginx 1.29.1 Mainline with HTTP/3 support added to EL7, EL8, EL9, EL10 repositories. brotli compression module from Google, http2, ngx cache purge and ngx http geoip2 modules added or built-in. OpenSSL built dynamically using official OpenSSL 3.5.1 with QUIC support.

CVE fix CVE-2025-53859 Buffer overread in the ngx_mail_smtp_module
PCRE license fix for win32 zip by @pluknet in #753
QUIC: adjusted OpenSSL 3.5 QUIC API feature test. by @pluknet in #749
OPENSSL_VERSION_NUMBER fix for OpenSSL 3.0 by @pluknet in #775
kqueue build fixes by @pluknet in #777
HTTP/3: limited prefixed integers encoded length. by @pluknet in #124
HTTP/3: fixed handling :authority and Host with port. by @arut in #772
HTTP/2: fixed flushing early hints. by @arut in #808
HTTP/2 fixes for «:authority» vs «Host» by @pluknet in #803
Certificate compression by @pluknet in #788
Auth basic: fixed file descriptor leak on memory allocation error. by @pluknet in #833
smtp module fixes by @pluknet in #842
Changes 1.29.1 by @pluknet in #843

ngtcp2 1.14.0, nghttp3 1.11.0 rpms released

ngtcp2 1.14.0, nghttp3 1.11.0 rpms released and added to all supported platforms.

All the libraries stack built with OpenSSL 3.5.0, including ngtcp2 (quic client name changed from qtlsclient to osslclient).

OpenSSL 3.5.1 rpms released for EL7/EL8/EL9/EL10

openssl 3.5.1 rpms released and added to all supported platforms (Alma Linux, Rocky Linux, RedHat Enterprise Linux RHEL, Oracle Linux).

Fix x509 application adds trusted use instead of rejected use (CVE-2025-4575)

OpenSSL 3.5.1 is a release featuring QUIC server support.

We continue to build libs with quic support as a separate non-conflicting package openssl-quic-libs, files have separate .so.81.3 suffix to avoid conflicts with the official .so.3.

ngtcp2 1.13.0, nghttp3 1.10.1 rpms released

ngtcp2 1.13.0, nghttp3 1.10.1 rpms released and added to all supported platforms.

All the libraries stack rebuilt with OpenSSL 3.5.0, including ngtcp2 (quic client name changed from qtlsclient to osslclient).

OpenSSL 3.5.0 with official QUIC server support rpms released

openssl 3.5.0 rpms released and added to all supported platforms.

OpenSSL 3.5.0 is a major release featuring QUIC server support.

NGINX 1.29.0 Mainline with Brotli, TLS 1.3, OpenSSL 3.5.0, HTTP/2 and HTTP/3 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9

nginx 1.29.0 Mainline with HTTP/3 support added to EL7, EL8, EL9, EL10 repositories. brotli compression module from Google, http2, ngx cache purge and ngx http geoip2 modules added or built-in. OpenSSL built dynamically using official OpenSSL 3.5.0 with QUIC support.

Our OpenSSL 3.5.0 builds break compatibility with nginx 1.28.x and earlier versions, as they are compiled against quictls project with their own APIs. Thus, to upgrade OpenSSL QUIC libs, please use nginx >= 1.29.0.

*) Feature: support for response code 103 from proxy and gRPC backends;
the «early_hints» directive.

*) Feature: loading of secret keys from hardware tokens with OpenSSL
provider.

*) Feature: support for the «so_keepalive» parameter of the «listen»
directive on macOS.

*) Change: the logging level of SSL errors in a QUIC handshake has been
changed from «error» to «crit» for critical errors, and to «info» for
the rest; the logging level of unsupported QUIC transport parameters
has been lowered from «info» to «debug».

*) Change: the native nginx/Windows binary release is now built using
Windows SDK 10.

*) Bugfix: nginx could not be built by gcc 15 if ngx_http_v2_module or
ngx_http_v3_module modules were used.

*) Bugfix: nginx might not be built by gcc 14 or newer with -O3 -flto
optimization if ngx_http_v3_module was used.

*) Bugfixes and improvements in HTTP/3.