Custom Query (2311 matches)
Results (88 - 90 of 2311)
| Ticket | Resolution | Summary | Owner | Reporter |
|---|---|---|---|---|
| #885 | fixed | Add support for multiple elliptic curves | ||
| Description |
Curve25519 is about to land in Chrome 50: https://www.chromestatus.com/feature/5682529109540864 nginx currently does not allow to use more than one curve. We can't use Curve25519 as a lot of clients will not support it. Allowing several curves with server preference would help to improve security and compatibility. Examples: ssl_ecdh_curve "brainpoolP512r1:secp521r1:prime256v1"; ssl_prefer_server_ecdh_curve on; or ssl_ecdh_curve brainpoolP512r1 secp521r1 prime256v1; ssl_prefer_server_ecdh_curve off; Also see this request: https://forum.nginx.org/read.php?10,263871,263871 |
|||
| #437 | fixed | Add Support for SPDY/3 | ||
| Description |
Please add support for spdy version 3. spdy/2 support has been removed from the Firefox code base ( https://bugzilla.mozilla.org/show_bug.cgi?id=912550 ) and Firefox >= 27 will only support >= spdy/3. Firefox 27 will be released in January 2014 ( https://wiki.mozilla.org/RapidRelease/Calendar ) so there is some urgency in getting spdy/3(.1) support into nginx. |
|||
| #2470 | invalid | Add support for the systemd directive OpenFile= for passing UNIX socket FDs to nginx | ||
| Description |
nginx currently supports specifying a UNIX socket path with the proxy_pass configuration directive For example proxy_pass http://unix:/tmp/backend.socket:/uri/; (reference: https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass ) Instead of specifying a path to the UNIX socket, I would like to pass in a file descriptor for the UNIX socket to nginx via inheritance from the parent process that starts nginx (i.e., systemd). Feature request: Add support for specifying a UNIX socket via the new systemd directive OpenFile= (see https://www.freedesktop.org/software/systemd/man/systemd.service.html#OpenFile=) which is available in systemd 253 (released 15 February 2023). systemd connects to the UNIX socket and lets nginx inherit the file descriptor. I have not yet investigated how systemd sets the environment variable LISTEN_FDNAMES. (I could provide more details later). Rationale This new feature would make it possible to set up a systemd system service with the systemd configuration USER=myuser and GROUP=mygroup and use nginx to proxy traffic to a UNIX socket that the user myuser:mygroup does not have file permission access to. The reason myuser:mygroup is able to use the UNIX socket is that systemd (running as root) has already connected to the socket. |
|||
