Timeline



08/28/21:

07:23 Ticket #2234 (NGINX 1.19.2 TCP RST/ACK TLSv1.0 Client Hello of Tor Relay ORPort ...) reopened by garycnew@…
07:20 Ticket #2234 (NGINX 1.19.2 TCP RST/ACK TLSv1.0 Client Hello of Tor Relay ORPort ...) updated by garycnew@…
Maxim, I believe this ticket was closed prematurely. The resets you …

08/27/21:

22:08 Ticket #2238 (Difference in ssl_verify_depth and ssl_verify_client optional_no_ca ...) updated by Maxim Dounin
In OpenSSL 1.1.0, verification of certificates was changed. In …
18:55 Ticket #2239 (Unterminated string result in ngx_sock_ntop()) closed by Maxim Dounin
invalid: > ... will leave the resulting text unterminated. In nginx, strings …
16:12 Ticket #2239 (Unterminated string result in ngx_sock_ntop()) created by GregIthaca@…
I've been studying/running your code for security research, and I've …

08/26/21:

16:04 Ticket #2238 (Difference in ssl_verify_depth and ssl_verify_client optional_no_ca ...) created by Malte Schmidt
Hello, upgrading from Ubuntu 16.04 to 20.04 (meaning nginx 1.16 to …

08/25/21:

23:25 Ticket #2237 (get host in http stream) closed by Maxim Dounin
wontfix: There are no plans to implement something like this. If for some …
17:14 Ticket #2237 (get host in http stream) created by xqdoo00o@…
Hi, the code below: stream { server { listen 80; …
05:52 Ticket #2236 (Unable to reach APT repository for nginx.org) created by seanking2919@…
I'm not sure if my server is blacklisted for some reason or if this is …

08/24/21:

19:38 Ticket #2235 (Allow setting TLS handshake timeouts for http(/2)) closed by Maxim Dounin
wontfix: SSL handshake time in the HTTP module is limited by the …
19:33 Ticket #1388 (Implement TLS Dynamic Record Sizing (CloudFlare patch ready)) updated by Maxim Dounin
> Lower ssl_buffer_size (<1400 bytes) help, but are not optimal after …
17:13 Ticket #2235 (Allow setting TLS handshake timeouts for http(/2)) created by ltning@…
Currently only the stream_ssl module supports any kind of tuning of …
17:06 Ticket #1388 (Implement TLS Dynamic Record Sizing (CloudFlare patch ready)) updated by ltning@…
We run a service that is seeing traffic from devices all over the …
15:15 Ticket #2234 (NGINX 1.19.2 TCP RST/ACK TLSv1.0 Client Hello of Tor Relay ORPort ...) closed by Maxim Dounin
invalid: First connection attempt as seen in the nginx-to-backend dump …
03:16 Ticket #2234 (NGINX 1.19.2 TCP RST/ACK TLSv1.0 Client Hello of Tor Relay ORPort ...) updated by garycnew@…
Maxim, We have uploaded the nginx-tor-tcpdumps to github as you …

08/23/21:

16:02 Ticket #2234 (NGINX 1.19.2 TCP RST/ACK TLSv1.0 Client Hello of Tor Relay ORPort ...) updated by Maxim Dounin
> I'd be happy to provide the raw, unfiltered packet-traces, but your …
08:31 Changeset in nginx-tests [1725:f4c79ee52d8f] by Sergey Kandaurov <pluknet@…>
Tests: added grpcs tests with flow control (ticket #2229). The tests …
08:28 Ticket #2233 (Packages for Debian Bullseye should include 32-bit x86 binaries) updated by Laurence 'GreenReaper' Parry
Well, I can do this. It's a hassle, but little more than the kernels I …
07:05 Ticket #2233 (Packages for Debian Bullseye should include 32-bit x86 binaries) updated by thresh
Indeed, we provide no 32bit binaries for new platforms anymore - this …
05:41 Ticket #2234 (NGINX 1.19.2 TCP RST/ACK TLSv1.0 Client Hello of Tor Relay ORPort ...) updated by garycnew@…
Hi Maxim! Thank you for your prompt reply to this ticket. > First of …

08/22/21:

20:56 Ticket #2234 (NGINX 1.19.2 TCP RST/ACK TLSv1.0 Client Hello of Tor Relay ORPort ...) updated by Maxim Dounin
Priority changed
> There appears to be a bug with NGINX 1.19.2 immediately sending a …
03:34 Ticket #2234 (NGINX 1.19.2 TCP RST/ACK TLSv1.0 Client Hello of Tor Relay ORPort ...) updated by garycnew@…
Description changed
02:50 Ticket #2234 (NGINX 1.19.2 TCP RST/ACK TLSv1.0 Client Hello of Tor Relay ORPort ...) created by garycnew@…
There appears to be a bug with NGINX 1.19.2 immediately sending a TCP …

08/21/21:

04:23 Ticket #2233 (Packages for Debian Bullseye should include 32-bit x86 binaries) created by Laurence 'GreenReaper' Parry
[http://nginx.org/packages/mainline/debian/dists/bullseye/nginx/

08/20/21:

22:17 Ticket #2229 (Grpc Upstream timeout) closed by Maxim Dounin
fixed: Fix committed, thanks for reporting this.
19:15 Ticket #2229 (Grpc Upstream timeout) updated by Maxim Dounin <mdounin@…>
In [changeset:"058a67435e83cfb3bb123f6c176be8d4c453f9b6/nginx"
00:53 Changeset in nginx [7966:5d09596909c6]stable-1.20 by Maxim Dounin <mdounin@…>
Upstream: fixed timeouts with gRPC, SSL and select (ticket #2229). …
00:53 Changeset in nginx [7906:058a67435e83] by Maxim Dounin <mdounin@…>
Upstream: fixed timeouts with gRPC, SSL and select (ticket #2229). …

08/19/21:

17:51 Changeset in nginx [7943:2a7155733855] by Alexey Radkov <alexey.radkov@…>
Core: removed unnecessary restriction in hash initialization. Hash …
15:53 Milestone unit-1.25 completed
Planned features and enhancements: * additional Ruby hooks * …

08/18/21:

19:13 Ticket #2134 (ssl cipher logging for mail) closed by Maxim Dounin
fixed
14:43 Changeset in nginx-tests [1724:1522ab9d37b4] by Sergey Kandaurov <pluknet@…>
Tests: Auth-SSL-Protocol and Auth-SSL-Cipher tests (ticket #2134).
14:22 Ticket #2232 (ngx_http_auth_basic_module does not support different passwords for ...) closed by Maxim Dounin
wontfix: Unix user files are expected to contain one line per user. There are …
12:17 Ticket #2232 (ngx_http_auth_basic_module does not support different passwords for ...) created by Chupaka@…
I need to proxy some API and change "local" basic auth (with static …

08/17/21:

22:28 Ticket #2134 (ssl cipher logging for mail) updated by Rob Mueller <robm@…>
In [changeset:"13d0c1d26d47c203b1874ca1ffdb7a9ba7fd2d77/nginx"
14:33 Ticket #2217 (Requesting nginx packages for Debian Bullseye) updated by Randy Fay
Thanks so much!
12:06 Ticket #2229 (Grpc Upstream timeout) updated by xTeare@…
I was indeed able to fix the problem with your "quick-fix". I've …
10:03 Ticket #2201 (build_module.sh error cd: pkg-oss/rpm/SPECS: No such file or directory) closed by thresh
fixed: Fixed since http://hg.nginx.org/pkg-oss/rev/9e7c296dcad6 Thanks!
09:45 Ticket #2201 (build_module.sh error cd: pkg-oss/rpm/SPECS: No such file or directory) updated by thresh
Owner, Status changed
09:40 Ticket #2180 (Installation instructions fail on Ubuntu 16.04) closed by thresh
fixed: The current instructions (since …
09:35 Ticket #2217 (Requesting nginx packages for Debian Bullseye) closed by thresh
fixed: Hello, The packages for Debian 11 are published now for x86_64 and …

08/16/21:

23:01 Ticket #2035 (Can't get old SSL cert to work - ca md too weak) closed by Maxim Dounin
fixed: Fix committed, thanks for reporting this.
23:00 Ticket #2229 (Grpc Upstream timeout) updated by Maxim Dounin
I'm able to reproduce it with slightly modified grpc.t, …
21:26 Ticket #2035 (Can't get old SSL cert to work - ca md too weak) updated by Maxim Dounin <mdounin@…>
In [changeset:"419c066cb7103165fe008339d210037f68a72d4f/nginx"
19:40 Changeset in nginx [7904:419c066cb710] by Maxim Dounin <mdounin@…>
SSL: ciphers now set before loading certificates (ticket #2035). To …
13:36 Changeset in nginx [7903:f2ddd0c491bf] by Maxim Dounin <mdounin@…>
Dark mode support in welcome and 50x error pages. Prodded by Duncan Lock.
13:36 Changeset in nginx [7902:67c68cd973b8] by Maxim Dounin <mdounin@…>
Welcome and 50x error pages style. Indentation of the CSS code …
12:14 Ticket #2217 (Requesting nginx packages for Debian Bullseye) updated by Randy Fay
Debian 11 Bullseye has now been released, thanks for working on this!
08:45 Ticket #2229 (Grpc Upstream timeout) updated by xTeare@…
Do you have a rough estimate when this will get fixed ? Our …

08/14/21:

02:51 Ticket #2035 (Can't get old SSL cert to work - ca md too weak) updated by Maxim Dounin
SSL ciphers are configured by nginx after loading the certificates, so …

08/13/21:

07:57 Changeset in nginx [7905:13d0c1d26d47] by Rob Mueller <robm@…>
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134). …
01:40 Ticket #1781 (Does not build on Mac with OpenSSL) updated by Maxim Dounin
See also #2227.
01:40 Ticket #2227 (Nginx 1.21.1 source build with static openssl fails on Freebsd12) closed by Maxim Dounin
invalid: The error messages suggest there is a conflicting SSL library, likely …
00:33 Ticket #2226 (Please add cache compression) closed by Maxim Dounin
wontfix: While compression might be beneficial to reduce latency, note that …
00:02 Ticket #2164 (Unable to add `$upstream_addr` to a response header field) closed by Maxim Dounin
worksforme: Feedback timeout.

08/12/21:

23:59 Ticket #2111 (Worker dumps core with image_filter test, proxy and HTML response from ...) closed by Maxim Dounin
worksforme: Feedback timeout. Unfortunately, it is not possible to reproduce the …
21:00 Ticket #2231 (proxy_cache_bypass sets variable defined in map) closed by Maxim Dounin
invalid: The proxy_cache_bypass directive is evaluated before making a …
20:44 nginx.conf attached to Ticket #2231 by mr.oliver.nadj@…
20:44 Dockerfile attached to Ticket #2231 by mr.oliver.nadj@…
20:44 Ticket #2231 (proxy_cache_bypass sets variable defined in map) created by mr.oliver.nadj@…
When I use the combination of […] and `proxy_cache_bypass …
11:01 Ticket #2230 (pkg-oss scripts break if 'so' included in path) closed by thresh
fixed: Thanks! Fixed in http://hg.nginx.org/pkg-oss/rev/e7d65b792793.

08/11/21:

19:18 Ticket #2229 (Grpc Upstream timeout) updated by Sergey Kandaurov
Status changed
Looks like there is a bug that causes removing read event after …
18:41 nginx_soso.patch attached to Ticket #2230 by https://stackoverflow.com/users/93534/notpeter
18:40 Ticket #2230 (pkg-oss scripts break if 'so' included in path) created by https://stackoverflow.com/users/93534/notpeter
The nginx pkg-oss repo uses sed to help rename .so to -debug.so in a …
14:38 Ticket #2229 (Grpc Upstream timeout) updated by xTeare@…
Description changed
14:12 Ticket #2229 (Grpc Upstream timeout) created by xTeare@…
So, i've got these things : a client, a server, nginx. They all run on …
13:28 Ticket #2228 (SSL_write() failed...) closed by Maxim Dounin
invalid: This is a bug in OpenSSL 1.1.1. The …
10:38 Ticket #2228 (SSL_write() failed...) created by gidiwe2427
I got this in my error log: [crit] 1098#1098: *228213 SSL_write() …
08:55 Changeset in nginx-tests [1723:3581dc3c1937] by Sergey Kandaurov <pluknet@…>
Tests: added ssl test for "unexpected eof while reading". See for …

08/10/21:

20:43 Changeset in nginx [7965:f2bbbc0ccdfb]stable-1.20 by Sergey Kandaurov <pluknet@…>
SSL: use of the SSL_OP_IGNORE_UNEXPECTED_EOF option. A new behaviour …
20:43 Changeset in nginx [7901:dda421871bc2] by Sergey Kandaurov <pluknet@…>
SSL: removed use of the SSL_OP_MSIE_SSLV2_RSA_PADDING option. It has …
20:43 Changeset in nginx [7900:509b663a789c] by Sergey Kandaurov <pluknet@…>
SSL: removed export ciphers support. Export ciphers are forbidden to …
20:43 Changeset in nginx [7899:1a03af395f44] by Sergey Kandaurov <pluknet@…>
SSL: use of the SSL_OP_IGNORE_UNEXPECTED_EOF option. A new behaviour …
20:43 Changeset in nginx [7964:7b79f0944197]stable-1.20 by Sergey Kandaurov <pluknet@…>
SSL: silenced warnings when building with OpenSSL 3.0. The …
20:43 Changeset in nginx [7963:9b9299494238]stable-1.20 by Sergey Kandaurov <pluknet@…>
SSL: ERR_peek_error_line_data() compatibility with OpenSSL 3.0. …
20:43 Changeset in nginx [7962:ddfad46492b5]stable-1.20 by Sergey Kandaurov <pluknet@…>
SSL: using SSL_CTX_set0_tmp_dh_pkey() with OpenSSL 3.0 in dhparam. …
20:43 Changeset in nginx [7961:c7c6a87c068d]stable-1.20 by Sergey Kandaurov <pluknet@…>
SSL: SSL_get_peer_certificate() is deprecated in OpenSSL 3.0. Switch …
20:43 Changeset in nginx [7898:8f7107617550] by Sergey Kandaurov <pluknet@…>
SSL: silenced warnings when building with OpenSSL 3.0. The …
20:43 Changeset in nginx [7897:4195a6f0c61c] by Sergey Kandaurov <pluknet@…>
SSL: ERR_peek_error_line_data() compatibility with OpenSSL 3.0. …
20:43 Changeset in nginx [7896:1e0fabbe01c7] by Sergey Kandaurov <pluknet@…>
SSL: using SSL_CTX_set0_tmp_dh_pkey() with OpenSSL 3.0 in dhparam. …
20:43 Changeset in nginx [7895:8ebda26e4f98] by Sergey Kandaurov <pluknet@…>
SSL: SSL_get_peer_certificate() is deprecated in OpenSSL 3.0. Switch …
20:42 Changeset in nginx [7960:ec2798eb3648]stable-1.20 by Sergey Kandaurov <pluknet@…>
SSL: RSA data type is deprecated in OpenSSL 3.0. The only consumer is …
20:42 Changeset in nginx [7894:37be19a3c0ee] by Sergey Kandaurov <pluknet@…>
SSL: RSA data type is deprecated in OpenSSL 3.0. The only consumer is …

08/09/21:

15:13 Changeset in nginx-tests [1722:122002b19416] by Sergey Kandaurov <pluknet@…>
Tests: HTTP/1.0 requests with Transfer-Encoding.
15:12 Changeset in nginx [7893:7a6afd584eb4] by Sergey Kandaurov <pluknet@…>
Disabled HTTP/1.0 requests with Transfer-Encoding. The latest …

08/04/21:

18:27 Changeset in nginx [7959:efbcecbe5805]stable-1.20 by Sergey Kandaurov <pluknet@…>
SSL: SSL_CTX_set_tmp_dh() error handling. For example, it can fail …
18:27 Changeset in nginx [7892:34a3a1a2d197] by Sergey Kandaurov <pluknet@…>
SSL: SSL_CTX_set_tmp_dh() error handling. For example, it can fail …
09:48 Ticket #1306 (ngx_http_geo_module ranges do not support ipv6) updated by Sannis@…
This will be great feature for nginx users with large geo maps, …

08/03/21:

17:50 Changeset in nginx [7958:9b72da2b5b57]stable-1.20 by Maxim Dounin <mdounin@…>
SSL: set events ready flags after handshake. The c->read->ready and …
17:50 Changeset in nginx [7891:573bd30e46b4] by Maxim Dounin <mdounin@…>
SSL: set events ready flags after handshake. The c->read->ready and …
17:50 Changeset in nginx [7890:1563bbcdb90c] by Maxim Dounin <mdounin@…>
Version bump.
12:30 Ticket #2227 (Nginx 1.21.1 source build with static openssl fails on Freebsd12) created by wakwanza@…
Trying to build from source with openssl 1.1.1k fails in the linking …
01:33 Ticket #2224 (HTTP/2 in nginx does not use double-GOAWAY for graceful connection shutdown) updated by Maxim Dounin
Type, Priority changed
> I don't see how two-stage GOAWAY is any more broken in Chrome than …

08/02/21:

17:40 Ticket #2222 (add_after_body concatenates (upstream proxied) gziped content with ...) updated by Maxim Dounin
Component, Type changed
The add_after_body and add_before_body directives simply …
16:33 Ticket #786 (url decoding is senseless for proxy_pass) updated by Maxim Dounin
See also #2225.
16:33 Ticket #2224 (HTTP/2 in nginx does not use double-GOAWAY for graceful connection shutdown) reopened by ejona.google.com@…
Oh, https://bugs.chromium.org/p/chromium/issues/detail?id=1030255
16:32 Ticket #2225 (location-matching on undecoded paths) closed by Maxim Dounin
wontfix: There is no concept of the "only semantical" decoding in nginx. …
12:43 Ticket #2226 (Please add cache compression) created by gidiwe2427
Previously we use redis for our page cache. And we do a comparison …
09:01 Ticket #2225 (location-matching on undecoded paths) created by breunigs@…
Dear devs, is there a way to configure nginx to location-match on …
08:01 Ticket #2222 (add_after_body concatenates (upstream proxied) gziped content with ...) updated by dwt@…
I just found another hard to deal problem with this setup. One of the …

08/01/21:

01:15 Ticket #2223 (Need info about Nginx cache purge) closed by Maxim Dounin
invalid: For questions on how nginx works and how to configure it, please …
01:13 Ticket #2224 (HTTP/2 in nginx does not use double-GOAWAY for graceful connection shutdown) closed by Maxim Dounin
wontfix: As already explained …

07/30/21:

20:51 Ticket #2224 (HTTP/2 in nginx does not use double-GOAWAY for graceful connection shutdown) created by ejona.google.com@…
As defined in RFC 7540 §6.8: > A server that is attempting to …
17:46 Ticket #2223 (Need info about Nginx cache purge) created by yaswanth.amarneni@…
How to see what open source Nginx purging from cache? Is there any log …
10:31 Ticket #2222 (add_after_body concatenates (upstream proxied) gziped content with ...) updated by dwt@…
I'd like to add that I really appreciated the description of this …
Note: See TracTimeline for information about the timeline view.