nginx.git/src, branch release-1.27.4 nginx SNI: added restriction for TLSv1.3 cross-SNI session resumption. 2025-02-05T16:11:42+00:00 Sergey Kandaurov pluknet@nginx.com 2025-01-22T14:55:44+00:00 46b9f5d389447b3b822ea71f5ac86ebc316c2975 In OpenSSL, session resumption always happens in the default SSL context, prior to invoking the SNI callback. Further, unlike in TLSv1.2 and older protocols, SSL_get_servername() returns values received in the resumption handshake, which may be different from the value in the initial handshake. Notably, this makes the restriction added in b720f650b insufficient for sessions resumed with different SNI server name. Considering the example from b720f650b, previously, a client was able to request example.org by presenting a certificate for example.org, then to resume and request example.com. The fix is to reject handshakes resumed with a different server name, if verification of client certificates is enabled in a corresponding server configuration. 
In OpenSSL, session resumption always happens in the default SSL context,
prior to invoking the SNI callback.  Further, unlike in TLSv1.2 and older
protocols, SSL_get_servername() returns values received in the resumption
handshake, which may be different from the value in the initial handshake.
Notably, this makes the restriction added in b720f650b insufficient for
sessions resumed with different SNI server name.

Considering the example from b720f650b, previously, a client was able to
request example.org by presenting a certificate for example.org, then to
resume and request example.com.

The fix is to reject handshakes resumed with a different server name, if
verification of client certificates is enabled in a corresponding server
configuration.
Added "keepalive_min_timeout" directive. 2025-02-05T10:08:01+00:00 Roman Arutyunyan arut@nginx.com 2025-01-15T08:42:39+00:00 22a2a225ba87029f0e7bbc09a80ff7cdad23399d The directive sets a timeout during which a keepalive connection will not be closed by nginx for connection reuse or graceful shutdown. The change allows clients that send multiple requests over the same connection without delay or with a small delay between them, to avoid receiving a TCP RST in response to one of them. This excludes network issues and non-graceful shutdown. As a side-effect, it also addresses the TCP reset problem described in RFC 9112, Section 9.6, when the last sent HTTP response could be damaged by a followup TCP RST. It is important for non-idempotent requests, which cannot be retried by client. It is not recommended to set keepalive_min_timeout to large values as this can introduce an additional delay during graceful shutdown and may restrict nginx from effective connection reuse. 
The directive sets a timeout during which a keepalive connection will
not be closed by nginx for connection reuse or graceful shutdown.

The change allows clients that send multiple requests over the same
connection without delay or with a small delay between them, to avoid
receiving a TCP RST in response to one of them.  This excludes network
issues and non-graceful shutdown.  As a side-effect, it also addresses
the TCP reset problem described in RFC 9112, Section 9.6, when the last
sent HTTP response could be damaged by a followup TCP RST.  It is important
for non-idempotent requests, which cannot be retried by client.

It is not recommended to set keepalive_min_timeout to large values as
this can introduce an additional delay during graceful shutdown and may
restrict nginx from effective connection reuse.
QUIC: added missing casts in iov_base assignments. 2025-01-28T16:00:42+00:00 Aleksei Bavshin a.bavshin@nginx.com 2025-01-27T18:33:25+00:00 64d0795ac41836b6be8fcceba68f1dbb62b4035a This is consistent with the rest of the code and fixes build on systems with non-standard definition of struct iovec (Solaris, Illumos). 
This is consistent with the rest of the code and fixes build on systems
with non-standard definition of struct iovec (Solaris, Illumos).
Upstream: fixed --with-compat build without SSL, broken by 454ad0e. 2025-01-23T18:50:13+00:00 Pavel Pautov p.pautov@f5.com 2025-01-22T02:41:16+00:00 5ab4f32e9de1d0c8523d3a22fc20a3067e20b68d 






SSL: avoid using mismatched certificate/key cached pairs.
2025-01-17T00:37:46+00:00

Sergey Kandaurov
pluknet@nginx.com

2025-01-08T13:50:33+00:00

5d5d9adccfeaff7d5926737ee5dfa43937fe5899

This can happen with certificates and certificate keys specified
with variables due to partial cache update in various scenarios:
- cache expiration with only one element of pair evicted
- on-disk update with non-cacheable encrypted keys
- non-atomic on-disk update

The fix is to retry with fresh data on X509_R_KEY_VALUES_MISMATCH.





This can happen with certificates and certificate keys specified
with variables due to partial cache update in various scenarios:
- cache expiration with only one element of pair evicted
- on-disk update with non-cacheable encrypted keys
- non-atomic on-disk update

The fix is to retry with fresh data on X509_R_KEY_VALUES_MISMATCH.







Upstream: caching certificates and certificate keys with variables.
2025-01-17T00:37:46+00:00

Sergey Kandaurov
pluknet@nginx.com

2024-10-29T14:20:53+00:00

454ad0ef33a347eba1a62d18c8fc0498f4dcfd64

Caching is enabled with proxy_ssl_certificate_cache and friends.

Co-authored-by: Aleksei Bavshin <a.bavshin@nginx.com>





Caching is enabled with proxy_ssl_certificate_cache and friends.

Co-authored-by: Aleksei Bavshin <a.bavshin@nginx.com>







SSL: cache revalidation of file based dynamic certificates.
2025-01-17T00:37:46+00:00

Sergey Kandaurov
pluknet@nginx.com

2025-01-13T17:40:04+00:00

4b96ad14f3607ab39b160715aeba721097ac4da4

Revalidation is based on file modification time and uniq file index,
and happens after the cache object validity time is expired.





Revalidation is based on file modification time and uniq file index,
and happens after the cache object validity time is expired.







SSL: caching certificates and certificate keys with variables.
2025-01-17T00:37:46+00:00

Sergey Kandaurov
pluknet@nginx.com

2024-10-29T12:25:11+00:00

0e756d67aa1e42e3b1b360936eb4d6c06bced2c1

A new directive "ssl_certificate_cache max=N [valid=time] [inactive=time]"
enables caching of SSL certificate chain and secret key objects specified
by "ssl_certificate" and "ssl_certificate_key" directives with variables.

Co-authored-by: Aleksei Bavshin <a.bavshin@nginx.com>





A new directive "ssl_certificate_cache max=N [valid=time] [inactive=time]"
enables caching of SSL certificate chain and secret key objects specified
by "ssl_certificate" and "ssl_certificate_key" directives with variables.

Co-authored-by: Aleksei Bavshin <a.bavshin@nginx.com>







SSL: encrypted certificate keys are exempt from object cache.
2025-01-17T00:37:46+00:00

Sergey Kandaurov
pluknet@nginx.com

2024-12-18T16:09:58+00:00

7677d5646aeb761b8b9da5af3eb10c008aae3f90

SSL object cache, as previously introduced in 1.27.2, did not take
into account encrypted certificate keys that might be unexpectedly
fetched from the cache regardless of the matching passphrase.  To
avoid this, caching of encrypted certificate keys is now disabled
based on the passphrase callback invocation.

A notable exception is encrypted certificate keys configured without
ssl_password_file.  They are loaded once resulting in the passphrase
prompt on startup and reused in other contexts as applicable.





SSL object cache, as previously introduced in 1.27.2, did not take
into account encrypted certificate keys that might be unexpectedly
fetched from the cache regardless of the matching passphrase.  To
avoid this, caching of encrypted certificate keys is now disabled
based on the passphrase callback invocation.

A notable exception is encrypted certificate keys configured without
ssl_password_file.  They are loaded once resulting in the passphrase
prompt on startup and reused in other contexts as applicable.







SSL: object cache inheritance from the old configuration cycle.
2025-01-17T00:37:46+00:00

Sergey Kandaurov
pluknet@nginx.com

2024-12-18T16:03:35+00:00

8311e14ae614529aabe9e72e87051d191b723fb4

Memory based objects are always inherited, engine based objects are
never inherited to adhere the volatile nature of engines, file based
objects are inherited subject to modification time and file index.

The previous behaviour to bypass cache from the old configuration cycle
is preserved with a new directive "ssl_object_cache_inheritable off;".





Memory based objects are always inherited, engine based objects are
never inherited to adhere the volatile nature of engines, file based
objects are inherited subject to modification time and file index.

The previous behaviour to bypass cache from the old configuration cycle
is preserved with a new directive "ssl_object_cache_inheritable off;".