Ukukhutshwa kwesebe eliphambili le-nginx 1.29.2 lishicilelwe, apho ukuphuhliswa kweempawu ezintsha kuqhubeka. Ngokunxuseneyo, isebe elizinzile 1.28.x lixhaswa, kuphela utshintsho olunxulumene nokupheliswa kweempazamo ezinzulu kunye nobuthathaka benziwa. Kwixesha elizayo, isebe elizinzile 1.29 liya kwenziwa ngesiseko sesebe eliphambili 1.30.x. Ikhowudi yeprojekthi ibhalwe kwi-C kwaye ihanjiswa phantsi kwelayisensi ye-BSD.
Kukhupho olutsha:
- Kongezwe isakhono sokwakha ngelayibrari ye-cryptographic ye-AWS-LC, ephuhliswe yi-Amazon.
- Ingxaki ngomyalelo we-"ssl_protocols" isonjululwe. iseva ebonakalayo, ngaphandle kweseva emiselweyo. Ingxaki yenzeke xa kusetyenziswa i-OpenSSL 1.1.1 kunye neyakhutshwa kamva.
- Kulungiswe ukusilela koqhagamshelwano lwe-TLSv1.3 kuqwalaselo kunye ne-OpenSSL kunye nezatifikethi zabaxumi. Ukusilela kwenzeke xa kuphinda kuqaliswe iseshoni ngexabiso elahlukileyo le-SNI.
- Kulungiswe isiphene esibangele "ukungahoywa kwempazamo yakudala ye-SSL" kufakwe umyalezo xa kusetyenziswa umthetho olandelwayo we-QUIC kunye nomyalelo "ssl_reject_handshake".
- Kulungiswe umba ngokusingatha amaxabiso asekelwe kwixesha kwiCache-Control HTTP header ebuyiselwe ngasemva.
- Usetyenziso lwe-xtext encoding kumyalelo we-XCLIENT lusekiwe.
- Kulungiswe ingxaki yokugcina i-caching Izatifikethi ze-TLS ngexesha lokulungiswa kwakhona.
Ukongeza, kufanelekile ukuqaphela ukukhutshwa kweFreeNginx 1.29.2, ifolokhwe yeNginx. Uphuhliso lwefolokhwe lukhokelwa nguMaxim Dunin, omnye wabaphuhlisi abaphambili beNginx. I-FreeNginx izibeka njengeprojekthi engeyiyo yorhwebo, iqinisekisa ukuphuhliswa kwekhowudi ye-Nginx ngaphandle kokuphazamiseka kwenkampani. Ikhowudi ye-FreeNginx iyaqhubeka nokuba nelayisensi phantsi kwelayisensi ye-BSD. Utshintsho kwi-FreeNginx 1.29.2 lubandakanya ukongezwa kwenkxaso ye-ECH (Encrypted Client Hello) i-TLS extension.
umthombo: opennet.ru
