nginx 1.27.2 has been released from the main branch, where development of new features continues. The parallel supported stable branch, 1.26.x, receives only changes that fix serious errors and vulnerabilities. In the future, the stable branch 1.28 will be formed on the basis of the main branch 1.27.x. The project code is written in C and is distributed under the BSD license.
Among the changes:
- SSL certificates, keys and CRLs (Certificate Revocation Lists) are now cached during startup and configuration updates.
- The stream module has been updated to support checking client certificate revocation using OCSP (Online Certificate Status Protocol).
- The stream module implements support for the OCSP Stapling certificate revocation checking technique, the essence of which is that, when negotiating a TLS connection, an OCSP response certified by a certification authority is transmitted by the server that serves the site, without the need for direct access to the certification authority.
- The "proxy_pass_trailers" directive has been added to the ngx_http_proxy_module module, allowing the transmission of header fields at the end of the response from the proxied server to the client.
- The "ssl_client_certificate" directive provides support for certificates with additional information.
- The "ssl_client_certificate" directive is no longer required to verify client SSL certificates.
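
A stream server block that combines the OCSP-related changes listed above, as an added example that is not taken from the nginx project or its documentation. File paths, the listen port, the resolver address and the upstream address are placeholders, and supplying the client CA through "ssl_trusted_certificate" alone is an assumption about how the last change is used.

```nginx
# Added example: placeholder paths and addresses throughout.
stream {
    # Needed so nginx can resolve OCSP responder hostnames
    # taken from the certificates it checks.
    resolver 192.0.2.53 valid=300s;

    server {
        listen 12345 ssl;

        ssl_certificate     /etc/nginx/tls/server.crt;
        ssl_certificate_key /etc/nginx/tls/server.key;

        # OCSP stapling: nginx fetches the OCSP response for its own
        # certificate and sends it in the TLS handshake, so clients do
        # not have to contact the CA themselves.
        ssl_stapling        on;
        ssl_stapling_verify on;

        # Trusted CA bundle (placeholder file). Assumed to hold both the
        # client CA chain and the issuer chain of server.crt, because
        # ssl_stapling_verify checks the stapled response against it.
        # Assumption: with ssl_client_certificate no longer required,
        # this directive alone supplies the CAs for client verification,
        # and the CA list is not sent to clients.
        ssl_trusted_certificate /etc/nginx/tls/trusted-cas.pem;
        ssl_verify_client       on;

        # Check revocation of the client certificate chain over OCSP.
        # Works only with ssl_verify_client set to on or optional.
        ssl_ocsp       on;
        ssl_ocsp_cache shared:ocsp_stream:10m;

        # Placeholder TCP upstream.
        proxy_pass 127.0.0.1:5432;
    }
}
```

Running `nginx -t` validates the configuration before reload, and `openssl s_client -connect host:12345 -status` shows whether an OCSP response is actually stapled.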
Source: opennet.ru
