nginx.git/src/mail, branch release-1.29.4 nginx Mail: xtext encoding (RFC 3461) in XCLIENT LOGIN. 2025-09-26T13:04:20+00:00 Sergey Kandaurov pluknet@nginx.com 2025-09-11T14:23:10+00:00 6f81314a070201afc4e25b975b1f915698cff634 The XCLIENT command uses xtext encoding for attribute values, as specified in https://www.postfix.org/XCLIENT_README.html. Reported by Igor Morgenstern of Aisle Research. 
The XCLIENT command uses xtext encoding for attribute values,
as specified in https://www.postfix.org/XCLIENT_README.html.

Reported by Igor Morgenstern of Aisle Research.
Mail: logging upstream to the error log with "smtp_auth none;". 2025-08-13T14:20:34+00:00 Sergey Kandaurov pluknet@nginx.com 2025-07-21T13:44:28+00:00 239e10793adb1e32847095ba6c1d14249bf19a5c Previously, it was never logged because of missing login. 
Previously, it was never logged because of missing login.
Mail: reset stale auth credentials with "smtp_auth none;". 2025-08-13T14:20:34+00:00 Sergey Kandaurov pluknet@nginx.com 2025-07-07T19:48:44+00:00 9c02c84a7443f3d736a1a5eb3f596de9af8a0c9c They might be reused in a session if an SMTP client proceeded unauthenticated after previous invalid authentication attempts. This could confuse an authentication server when passing stale credentials along with "Auth-Method: none". The condition to send the "Auth-Salt" header is similarly refined. 
They might be reused in a session if an SMTP client proceeded
unauthenticated after previous invalid authentication attempts.
This could confuse an authentication server when passing stale
credentials along with "Auth-Method: none".

The condition to send the "Auth-Salt" header is similarly refined.
Mail: improved error handling in plain/login/cram-md5 auth methods. 2025-08-13T14:20:34+00:00 Sergey Kandaurov pluknet@nginx.com 2025-08-12T11:55:02+00:00 765642b86e0df1b5ef37f42522be7d08d95909c9 Previously, login and password storage could be left in inconsistent state in a session after decoding errors. 
Previously, login and password storage could be left in inconsistent
state in a session after decoding errors.
SSL: support for compressed server certificates with OpenSSL. 2025-08-03T15:15:16+00:00 Sergey Kandaurov pluknet@nginx.com 2025-07-09T15:02:09+00:00 251444fcf4434bfddbe3394a568c51d4f7bd857f The ssl_certificate_compression directive allows to send compressed server certificates. In OpenSSL, they are pre-compressed on startup. To simplify configuration, the SSL_OP_NO_TX_CERTIFICATE_COMPRESSION option is automatically cleared if certificates were pre-compressed. SSL_CTX_compress_certs() may return an error in legitimate cases, e.g., when none of compression algorithms is available or if the resulting compressed size is larger than the original one, thus it is silently ignored. Certificate compression is supported in Chrome with brotli only, in Safari with zlib only, and in Firefox with all listed algorithms. It is supported since Ubuntu 24.10, which has OpenSSL with enabled zlib and zstd support. The actual list of algorithms supported in OpenSSL depends on how the library was configured; it can be brotli, zlib, zstd as listed in RFC 8879. 
The ssl_certificate_compression directive allows to send compressed
server certificates.  In OpenSSL, they are pre-compressed on startup.
To simplify configuration, the SSL_OP_NO_TX_CERTIFICATE_COMPRESSION
option is automatically cleared if certificates were pre-compressed.

SSL_CTX_compress_certs() may return an error in legitimate cases,
e.g., when none of compression algorithms is available or if the
resulting compressed size is larger than the original one, thus it
is silently ignored.

Certificate compression is supported in Chrome with brotli only,
in Safari with zlib only, and in Firefox with all listed algorithms.
It is supported since Ubuntu 24.10, which has OpenSSL with enabled
zlib and zstd support.

The actual list of algorithms supported in OpenSSL depends on how
the library was configured; it can be brotli, zlib, zstd as listed
in RFC 8879.
Mail: handling of LOGIN IMAP command untagged response. 2024-11-26T15:07:17+00:00 Sergey Kandaurov pluknet@nginx.com 2024-10-23T20:52:21+00:00 ce88b171236de50843dba2c427a8b3e42778f2ca In particular, an untagged CAPABILITY response as described in the interim RFC 3501 internet drafts was seen in various IMAP servers. Previously resulted in a broken connection, now an untagged response is proxied to client. 
In particular, an untagged CAPABILITY response as described in the
interim RFC 3501 internet drafts was seen in various IMAP servers.
Previously resulted in a broken connection, now an untagged response
is proxied to client.
SSL: a new macro to set default protocol versions. 2024-11-22T09:47:22+00:00 Sergey Kandaurov pluknet@nginx.com 2024-11-18T09:39:13+00:00 476d6526b2e8297025c608425f4cad07b4f65990 This simplifies merging protocol values after ea15896 and ebd18ec. Further, as outlined in ebd18ec18, for libraries preceeding TLSv1.2+ support, only meaningful versions TLSv1 and TLSv1.1 are set by default. While here, fixed indentation. 
This simplifies merging protocol values after ea15896 and ebd18ec.

Further, as outlined in ebd18ec18, for libraries preceeding TLSv1.2+
support, only meaningful versions TLSv1 and TLSv1.1 are set by default.

While here, fixed indentation.
SSL: fixed MSVC compilation after ebd18ec1812b. 2024-11-11T18:29:55+00:00 蕭澧邦 shou692199@gmail.com 2024-11-03T06:36:17+00:00 ea15896c1a5b0ce504f85c1437bae21a542cf3e6 MSVC generates a compilation error in case #if/#endif is used in a macro parameter. 
MSVC generates a compilation error in case #if/#endif is used in a macro
parameter.
SSL: disabled TLSv1 and TLSv1.1 by default. 2024-10-31T15:49:00+00:00 Sergey Kandaurov pluknet@nginx.com 2024-10-09T16:28:00+00:00 ebd18ec1812bd6f3de54d9f9fc81563a0ec9f264 TLSv1 and TLSv1.1 are formally deprecated and forbidden to negotiate due to insufficient security reasons outlined in RFC 8996. TLSv1 and TLSv1.1 are disabled in BoringSSL e95b0cad9 and LibreSSL 3.8.1 in the way they cannot be enabled in nginx configuration. In OpenSSL 3.0, they are only permitted at security level 0 (disabled by default). The support is dropped in Chrome 84, Firefox 78, and deprecated in Safari. This change disables TLSv1 and TLSv1.1 by default for OpenSSL 1.0.1 and newer, where TLSv1.2 support is available. For older library versions, which do not have alternatives, these protocol versions remain enabled. 
TLSv1 and TLSv1.1 are formally deprecated and forbidden to negotiate due
to insufficient security reasons outlined in RFC 8996.

TLSv1 and TLSv1.1 are disabled in BoringSSL e95b0cad9 and LibreSSL 3.8.1
in the way they cannot be enabled in nginx configuration.  In OpenSSL 3.0,
they are only permitted at security level 0 (disabled by default).

The support is dropped in Chrome 84, Firefox 78, and deprecated in Safari.

This change disables TLSv1 and TLSv1.1 by default for OpenSSL 1.0.1 and
newer, where TLSv1.2 support is available.  For older library versions,
which do not have alternatives, these protocol versions remain enabled.
SSL: optional ssl_client_certificate for ssl_verify_client. 2024-09-20T10:43:00+00:00 Sergey Kandaurov pluknet@nginx.com 2024-09-20T10:08:42+00:00 18afcda938cd2d4712d0d083b57161290a5a2d34 Starting from TLSv1.1 (as seen since draft-ietf-tls-rfc2246-bis-00), the "certificate_authorities" field grammar of the CertificateRequest message was redone to allow no distinguished names. In TLSv1.3, with the restructured CertificateRequest message, this can be similarly done by optionally including the "certificate_authorities" extension. This allows to avoid sending DNs at all. In practice, aside from published TLS specifications, all supported SSL/TLS libraries allow to request client certificates with an empty DN list for any protocol version. For instance, when operating in TLSv1, this results in sending the "certificate_authorities" list as a zero-length vector, which corresponds to the TLSv1.1 specification. Such behaviour goes back to SSLeay. The change relaxes the requirement to specify at least one trusted CA certificate in the ssl_client_certificate directive, which resulted in sending DNs of these certificates (closes #142). Instead, all trusted CA certificates can be specified now using the ssl_trusted_certificate directive if needed. A notable difference that certificates specified in ssl_trusted_certificate are always loaded remains (see 3648ba7db). Co-authored-by: Praveen Chaudhary <praveenc@nvidia.com> 
Starting from TLSv1.1 (as seen since draft-ietf-tls-rfc2246-bis-00),
the "certificate_authorities" field grammar of the CertificateRequest
message was redone to allow no distinguished names.  In TLSv1.3, with
the restructured CertificateRequest message, this can be similarly
done by optionally including the "certificate_authorities" extension.
This allows to avoid sending DNs at all.

In practice, aside from published TLS specifications, all supported
SSL/TLS libraries allow to request client certificates with an empty
DN list for any protocol version.  For instance, when operating in
TLSv1, this results in sending the "certificate_authorities" list as
a zero-length vector, which corresponds to the TLSv1.1 specification.
Such behaviour goes back to SSLeay.

The change relaxes the requirement to specify at least one trusted CA
certificate in the ssl_client_certificate directive, which resulted in
sending DNs of these certificates (closes #142).  Instead, all trusted
CA certificates can be specified now using the ssl_trusted_certificate
directive if needed.  A notable difference that certificates specified
in ssl_trusted_certificate are always loaded remains (see 3648ba7db).

Co-authored-by: Praveen Chaudhary <praveenc@nvidia.com>