non port: www/nginx-devel/files/extra-patch-ktls
Number of commits found: 4
Tuesday, 2 Nov 2021
16:13 Sergey A. Osokin (osa)
www/nginx-devel: update from 1.21.3 to 1.21.4.
New kernel TLS feature is available starting with FreeBSD 13.0,
and it requires OpenSSL 3.0, compiled with "enable-ktls" option.
Further, KTLS needs to be enabled in kernel, and in OpenSSL,
either via OpenSSL configuration file or with
    ssl_conf_command Options KTLS;
in nginx configuration.
To enable kernel TLS on FreeBSD 13 and above:
    # kldload ktls_ocf
    # sysctl kern.ipc.tls.enable=1
to load a software backend, see man ktls(4) for details.
Also, please visit the following link to get more details
https://hg.nginx.org/nginx/rev/65946a191197
<Changelog>
*) Change: support for NPN instead of ALPN to establish HTTP/2
connections has been removed.
*) Change: now nginx rejects SSL connections if ALPN is used by the
client, but no supported protocols can be negotiated.
*) Change: the default value of the "sendfile_max_chunk" directive was
changed to 2 megabytes.
*) Feature: the "proxy_half_close" directive in the stream module.
*) Feature: the "ssl_alpn" directive in the stream module.
*) Feature: the $ssl_alpn_protocol variable.
*) Feature: support for SSL_sendfile() when using OpenSSL 3.0.
*) Feature: the "mp4_start_key_frame" directive in the
ngx_http_mp4_module.
Thanks to Tracey Jaquith.
*) Bugfix: in the $content_length variable when using chunked transfer
encoding.
*) Bugfix: after receiving a response with incorrect length from a
proxied backend nginx might nevertheless cache the connection.
Thanks to Awdhesh Mathpal.
*) Bugfix: invalid headers from backends were logged at the "info" level
instead of "error"; the bug had appeared in 1.21.1.
*) Bugfix: requests might hang when using HTTP/2 and the "aio_write"
directive.
</Changelog>
62502a5
Friday, 19 Feb 2021
19:43 osa
Refresh the kernel TLS patch.
This functionality is available with the following prerequisites:
o) security/openssl built from ports with the kTLS options defined;
o) FreeBSD 13.
Bump PORTREVISION.
Submitted by: jhb
Obtained from: https://github.com/nginx/nginx/compare/master...bsdjhb:ktls.patch
Wednesday, 28 Oct 2020
14:06 osa
Update the kernel TLS patch to make all hunks succeed.
Bump PORTREVISION.
Friday, 5 Jun 2020
22:38 osa
Add kernel TLS option.
It's possible to build nginx on FreeBSD13 with security/openssl
port, compiled with kernel TLS option as well.
Bump PORTREVISION.
Based on: https://github.com/nginx/nginx/compare/branches/stable-1.16...bsdjhb:ktls-1.16
Reviewed by: jhb
Tested by: jhb