Kev tso tawm ntawm cov ceg tseem ceeb ntawm nginx 1.29.4 tau tshaj tawm, uas txoj kev loj hlob ntawm cov yam ntxwv tshiab txuas ntxiv mus. Nyob rau tib lub sijhawm, cov ceg ruaj khov 1.28.x tau txais kev txhawb nqa, tsuas yog cov kev hloov pauv cuam tshuam txog kev tshem tawm qhov ua yuam kev loj thiab qhov tsis zoo. Nyob rau hauv lub neej yav tom ntej, lub ruaj khov ceg 1.29 yuav tsim nyob rau hauv lub hauv paus ntawm lub ntsiab ceg 1.30.x. Txoj haujlwm code yog sau hauv C thiab muab faib raws li BSD daim ntawv tso cai.
Hauv qhov kev tso tawm tshiab:
- Lub ngx_http_proxy module tam sim no txhawb nqa HTTP / 2 protocol, tso cai rau koj siv HTTP / 2 thaum nkag mus rau backends.
- Ntxiv kev txhawb nqa rau ECH (Encrypted ClientHello) TLS txuas ntxiv, kev hloov pauv ntawm ESNI (Encrypted Server Name Indication) txuas ntxiv siv los encrypt TLS kev sib kho cov ntaub ntawv, xws li lub npe thov. Qhov sib txawv tseem ceeb ntawm ECH thiab ESNI yog tias ECH encrypts tag nrho ClientHello TLS cov lus es tsis txhob encrypting ib tus neeg teb. Qhov no pab thaiv cov xau los ntawm cov teb tsis suav nrog ESNI, xws li PSK (Pre-Shared Key) teb. ECH tau qhib los ntawm kev qhia "ssl_ech_file" cov lus qhia hauv ECHConfig teeb tsa cov ntaub ntawv hauv PEM hom. Kev them nyiaj yug muaj nyob rau thaum siv OpenSSL tsim nrog ECH.
- Cov kev cai rau kev txheeb xyuas tus tswv tsev thiab chaw nres nkoj hauv cov ntawv thov, "Host" header, thiab ":authority" pseudo-header tau raug kho raws li cov cai ntawm RFC 3986.
- Kev qhia ib tus cwj pwm tshiab raws li qhov kev txiav tawm ib ntus hauv kev thov chunked lossis hauv lub cev teb tam sim no raug kho raws li qhov yuam kev.
- Kho qhov kev sib tsoo thaum siv HTTP/3 nrog OpenSSL 3.5.1+.
- Kho qhov kev sib tsoo uas tuaj yeem tshwm sim thaum try_files thiab proxy_pass cov lus qhia tau teev tseg ib txhij nrog URI.
Tau qhov twg los: opennet.ru
