> On 14 Oct 2022, at 20:30, Maxim Dounin <mdounin@mdounin.ru> wrote: > > Hello! > > On Fri, Oct 14, 2022 at 04:33:00PM +0400, Sergey Kandaurov wrote: > >>> On 14 Oct 2022, at 00:30, Maxim Dounin <mdounin@mdounin.ru> wrote: >>> >>> Hello! >>> >>> On Thu, Oct 13, 2022 at 05:02:42PM +0400, Sergey Kandaurov wrote: >>by Sergey Kandaurov - Nginx Development
Hello! On Fri, Oct 14, 2022 at 04:33:00PM +0400, Sergey Kandaurov wrote: > > On 14 Oct 2022, at 00:30, Maxim Dounin <mdounin@mdounin.ru> wrote: > > > > Hello! > > > > On Thu, Oct 13, 2022 at 05:02:42PM +0400, Sergey Kandaurov wrote: > > > >> # HG changeset patch > >> # User Sergey Kandaurov <pluknet@nginx.com> > >> # Dby Maxim Dounin - Nginx Development
> On 14 Oct 2022, at 00:30, Maxim Dounin <mdounin@mdounin.ru> wrote: > > Hello! > > On Thu, Oct 13, 2022 at 05:02:42PM +0400, Sergey Kandaurov wrote: > >> # HG changeset patch >> # User Sergey Kandaurov <pluknet@nginx.com> >> # Date 1665665717 -14400 >> # Thu Oct 13 16:55:17 2022 +0400 >> # Node ID b2eba2994ddcbf9084075f9ae32c3332by Sergey Kandaurov - Nginx Development
Hello! On Thu, Oct 13, 2022 at 05:02:42PM +0400, Sergey Kandaurov wrote: > # HG changeset patch > # User Sergey Kandaurov <pluknet@nginx.com> > # Date 1665665717 -14400 > # Thu Oct 13 16:55:17 2022 +0400 > # Node ID b2eba2994ddcbf9084075f9ae32c3332a628ca7a > # Parent 81b4326daac70d6de70abbc3fe36d4f6e3da54a2 > SSL: improved validation of ssl_session_cache and ssl_by Maxim Dounin - Nginx Development
details: https://hg.nginx.org/nginx/rev/0f3d98e4bcc5 branches: changeset: 8084:0f3d98e4bcc5 user: Maxim Dounin <mdounin@mdounin.ru> date: Wed Oct 12 20:14:53 2022 +0300 description: SSL: automatic rotation of session ticket keys. As long as ssl_session_cache in shared memory is configured, session ticket keys are now automatically generated in shared memory, and rotated periodby Sergey Kandaurov - Nginx Development
details: https://hg.nginx.org/nginx/rev/043006e5a0b1 branches: changeset: 8085:043006e5a0b1 user: Maxim Dounin <mdounin@mdounin.ru> date: Wed Oct 12 20:14:55 2022 +0300 description: SSL: optimized rotation of session ticket keys. Instead of syncing keys with shared memory on each ticket operation, the code now does this only when the worker is going to change expiration of theby Sergey Kandaurov - Nginx Development
details: https://hg.nginx.org/nginx/rev/5244d3b165ff branches: changeset: 8078:5244d3b165ff user: Maxim Dounin <mdounin@mdounin.ru> date: Wed Oct 12 20:14:40 2022 +0300 description: SSL: single allocation in session cache on 32-bit platforms. Given the present typical SSL session sizes, on 32-bit platforms it is now beneficial to store all data in a single allocation, since rbby Sergey Kandaurov - Nginx Development
Hello! On Wed, Oct 12, 2022 at 05:57:07PM +0400, Sergey Kandaurov wrote: > > > On 9 Oct 2022, at 08:59, Maxim Dounin <mdounin@mdounin.ru> wrote: > > > > Hello! > > > > On Sat, Oct 01, 2022 at 11:58:20AM +0300, Maxim Dounin wrote: > > > >> On Thu, Sep 29, 2022 at 08:00:03PM +0400, Sergey Kandaurov wrote: > >> > >>>>by Maxim Dounin - Nginx Development
> On 9 Oct 2022, at 08:59, Maxim Dounin <mdounin@mdounin.ru> wrote: > > Hello! > > On Sat, Oct 01, 2022 at 11:58:20AM +0300, Maxim Dounin wrote: > >> On Thu, Sep 29, 2022 at 08:00:03PM +0400, Sergey Kandaurov wrote: >> >>>> On 28 Sep 2022, at 22:37, Maxim Dounin <mdounin@mdounin.ru> wrote: >>>> >>>> On Mon, Sep 26,by Sergey Kandaurov - Nginx Development
Hello! On Sat, Oct 01, 2022 at 11:58:20AM +0300, Maxim Dounin wrote: > On Thu, Sep 29, 2022 at 08:00:03PM +0400, Sergey Kandaurov wrote: > > > > On 28 Sep 2022, at 22:37, Maxim Dounin <mdounin@mdounin.ru> wrote: > > > > > > On Mon, Sep 26, 2022 at 02:17:18PM +0400, Sergey Kandaurov wrote: > > [...] > > > >> And by the way, while revby Maxim Dounin - Nginx Development
> On 28 Sep 2022, at 22:37, Maxim Dounin <mdounin@mdounin.ru> wrote: > > Hello! > > On Mon, Sep 26, 2022 at 02:17:18PM +0400, Sergey Kandaurov wrote: > >>> On 17 Sep 2022, at 01:08, Maxim Dounin <mdounin@mdounin.ru> wrote: >>> >>> On Thu, Sep 15, 2022 at 09:50:24AM +0400, Sergey Kandaurov wrote: >>> >>>>> On 26 Aby Sergey Kandaurov - Nginx Development
Hello! On Mon, Sep 26, 2022 at 02:17:18PM +0400, Sergey Kandaurov wrote: > > On 17 Sep 2022, at 01:08, Maxim Dounin <mdounin@mdounin.ru> wrote: > > > > On Thu, Sep 15, 2022 at 09:50:24AM +0400, Sergey Kandaurov wrote: > > > >>> On 26 Aug 2022, at 07:01, Maxim Dounin <mdounin@mdounin.ru> wrote: > >>> > >>> # HG changeset pby Maxim Dounin - Nginx Development
> On 17 Sep 2022, at 01:08, Maxim Dounin <mdounin@mdounin.ru> wrote: > > Hello! > > On Thu, Sep 15, 2022 at 09:50:24AM +0400, Sergey Kandaurov wrote: > >>> On 26 Aug 2022, at 07:01, Maxim Dounin <mdounin@mdounin.ru> wrote: >>> >>> # HG changeset patch >>> # User Maxim Dounin <mdounin@mdounin.ru> >>> # Date 1661481by Sergey Kandaurov - Nginx Development
> On 17 Sep 2022, at 01:04, Maxim Dounin <mdounin@mdounin.ru> wrote: > > Hello! > > On Thu, Sep 15, 2022 at 09:41:36AM +0400, Sergey Kandaurov wrote: > >>> On 26 Aug 2022, at 07:01, Maxim Dounin <mdounin@mdounin.ru> wrote: >>> >>> # HG changeset patch >>> # User Maxim Dounin <mdounin@mdounin.ru> >>> # Date 1661481by Sergey Kandaurov - Nginx Development
Hello! On Thu, Sep 15, 2022 at 09:50:24AM +0400, Sergey Kandaurov wrote: > > On 26 Aug 2022, at 07:01, Maxim Dounin <mdounin@mdounin.ru> wrote: > > > > # HG changeset patch > > # User Maxim Dounin <mdounin@mdounin.ru> > > # Date 1661481958 -10800 > > # Fri Aug 26 05:45:58 2022 +0300 > > # Node ID 5c26fe5f6ab0bf4c0d18cae8f6f6483348243d4bby Maxim Dounin - Nginx Development
Hello! On Thu, Sep 15, 2022 at 09:41:36AM +0400, Sergey Kandaurov wrote: > > On 26 Aug 2022, at 07:01, Maxim Dounin <mdounin@mdounin.ru> wrote: > > > > # HG changeset patch > > # User Maxim Dounin <mdounin@mdounin.ru> > > # Date 1661481950 -10800 > > # Fri Aug 26 05:45:50 2022 +0300 > > # Node ID e88baee178eed529c6170678e373f5e2e0883c37by Maxim Dounin - Nginx Development
> On 26 Aug 2022, at 07:01, Maxim Dounin <mdounin@mdounin.ru> wrote: > > # HG changeset patch > # User Maxim Dounin <mdounin@mdounin.ru> > # Date 1661481958 -10800 > # Fri Aug 26 05:45:58 2022 +0300 > # Node ID 5c26fe5f6ab0bf4c0d18cae8f6f6483348243d4b > # Parent 2487bf5766f79c813b3397b3bb897424c3590445 > SSL: automatic rotation of session ticket keys.by Sergey Kandaurov - Nginx Development
> On 26 Aug 2022, at 07:01, Maxim Dounin <mdounin@mdounin.ru> wrote: > > # HG changeset patch > # User Maxim Dounin <mdounin@mdounin.ru> > # Date 1661481950 -10800 > # Fri Aug 26 05:45:50 2022 +0300 > # Node ID e88baee178eed529c6170678e373f5e2e0883c37 > # Parent f4ae0f4ee928cf20346530e96f1431314ecd0171 > SSL: single allocation in session cache on 32-biby Sergey Kandaurov - Nginx Development
Hello! Below is a patch series to address various issues with SSL session caching and session tickets, notably: - session cache trashing with OpenSSL and TLSv1.3 - excessive logging of session cache allocation failures It also introduces automatic rotation of session ticket keys (as long as session cache in the shared memory is configured). -- Maxim Dounin http://mdounin.ru/ ________________by Maxim Dounin - Nginx Development
# HG changeset patch # User Maxim Dounin <mdounin@mdounin.ru> # Date 1661481958 -10800 # Fri Aug 26 05:45:58 2022 +0300 # Node ID 5c26fe5f6ab0bf4c0d18cae8f6f6483348243d4b # Parent 2487bf5766f79c813b3397b3bb897424c3590445 SSL: automatic rotation of session ticket keys. As long as ssl_session_cache in shared memory is configured, session ticket keys are now automatically generated in shby Maxim Dounin - Nginx Development
# HG changeset patch # User Maxim Dounin <mdounin@mdounin.ru> # Date 1661481950 -10800 # Fri Aug 26 05:45:50 2022 +0300 # Node ID e88baee178eed529c6170678e373f5e2e0883c37 # Parent f4ae0f4ee928cf20346530e96f1431314ecd0171 SSL: single allocation in session cache on 32-bit platforms. Given the present typical SSL session sizes, on 32-bit platforms it is now beneficial to store all data iby Maxim Dounin - Nginx Development
details: https://hg.nginx.org/njs/rev/8fe7d9723477 branches: changeset: 1899:8fe7d9723477 user: Dmitry Volyntsev <xeioex@nginx.com> date: Tue Jun 28 22:36:30 2022 -0700 description: Added native function symbolizer for function tracing in debug. diffstat: auto/cc | 4 + auto/help | 4 + auto/libbfd | 35 ++++++ auto/linkby Dmitry Volyntsev - Nginx Development
> On 28 Jun 2022, at 09:26, Pavel Pautov via nginx-devel <nginx-devel@nginx.org> wrote: > > Hi, > > The patch seems fine and is somewhat similar to what I've posted before. > > I guess, the copy-paste can be addressed some time later by someone else. I agree, the patch looks good to me, tested in various configurations (including if() block, etc.) > >> ---by Sergey Kandaurov - Nginx Development
Hi, The patch seems fine and is somewhat similar to what I've posted before. I guess, the copy-paste can be addressed some time later by someone else. > -----Original Message----- > From: Maxim Dounin <mdounin@mdounin.ru> > Sent: Saturday, June 25, 2022 22:48 > To: Pavel Pautov via nginx-devel <nginx-devel@nginx.org> > Subject: Re: SSL contexts reuse across locationsby Pavel Pautov via nginx-devel - Nginx Development
Hello! On Sat, Jun 25, 2022 at 01:02:21AM +0000, Pavel Pautov via nginx-devel wrote: > > -----Original Message----- > > From: Maxim Dounin <mdounin@mdounin.ru> > > Sent: Thursday, June 16, 2022 18:51 > > > > Hello! > > > > On Thu, Jun 16, 2022 at 08:26:48AM +0000, Pavel Pautov via nginx-devel wrote: > > > > > Looks like, we've madby Maxim Dounin - Nginx Development
Hi, > -----Original Message----- > From: Maxim Dounin <mdounin@mdounin.ru> > Sent: Wednesday, May 18, 2022 11:32 [..] > > At very least, ngx_http_proxy_set_ssl() needs to be converted > > into ngx_http_proxy_create_ssl(). > > You may want to focus on actually making the code more readable > and abstracting it into ngx_http_proxy_set_ssl() instead. > Somethiby Pavel Pautov via nginx-devel - Nginx Development
Hello! On Wed, May 18, 2022 at 07:20:51AM +0000, Pavel Pautov via nginx-devel wrote: > Hello, > > Attaching POC patch for > https://trac.nginx.org/nginx/ticket/1234. > > At very least, ngx_http_proxy_set_ssl() needs to be converted > into ngx_http_proxy_create_ssl(). You may want to focus on actually making the code more readable and abstracting it into ngx_http_proxy_by Maxim Dounin - Nginx Development
Hi, On Mon, Feb 07, 2022 at 01:27:15PM +0100, Jiří Setnička via nginx-devel wrote: > Hello, > > > Thanks for sharing your work. Indeed, nginx currently lacks a good solution > > for serving a file that's being downloaded from upstream. We tried to address > > this issue a few years ago. Our solution was similar to yours, but instead > > of sharing theby Roman Arutyunyan - Nginx Development
Hello, > Thanks for sharing your work. Indeed, nginx currently lacks a good solution > for serving a file that's being downloaded from upstream. We tried to address > this issue a few years ago. Our solution was similar to yours, but instead > of sharing the temp file between workers, we moved the temp file to its > destination right after writing the header. A new bit waby Jiří Setnička via nginx-devel - Nginx Development
Hello, On Fri, Jan 28, 2022 at 05:31:52PM +0100, Jiří Setnička via nginx-devel wrote: > Hello! > > Over the last few months, we (a small team of developers including me > and Jan Prachař, both from CDN77) developed a missing feature for the > proxy caching in Nginx. We are happy to share this feature with the > community in the following patch series. > > Wby Roman Arutyunyan - Nginx Development