NGINX has released version 1.30, establishing a new stable branch for the world’s most widely deployed web server, which is currently used by over 32% of all websites.
This release adds support for HTTP Early Hints, HTTP/2 connections to upstream backends, OpenSSL ECH integration for Encrypted ClientHello, sticky sessions for upstreams, and Multipath TCP. The default upstream HTTP version is now set to HTTP/1.1 with keep-alive enabled.
The release also expands TLS and SSL functionality. Notable changes include certificate compression, support for loading keys via OSSL_STORE, compressed server certificates with BoringSSL, new $ssl_sigalg and $ssl_client_sigalg variables, updated SNI handling through the ClientHello callback, and compatibility improvements for OpenSSL 4.0.
HTTP protocol enhancements in NGINX 1.30 include improved handling of repeated 103 responses, address flushing Early Hints over HTTP/2, add indexed field line encoding for “103 Early Hints” in HTTP/3, and resolve issues with :authority and Host handling in HTTP/2 and HTTP/3. The release also introduces HTTP CONNECT infrastructure and the max_headers directive.
Mentioning HTTP/3, it received fixes for variable-length integer handling, acknowledgment behavior under limited congestion windows, handshake-failure segmentation faults, stateless reset handling, worker-bound stateless reset tokens, BPF compilation with newer Linux kernels, OpenSSL 3.5 QUIC API integration, and various compatibility and feature-test improvements.
Along with HTTP/2 upstream and sticky sessions support, version 1.30 resolves gRPC request reinitialization with Early Hints, HTTP/2 upstream caching issues, URI-change segmentation faults in proxying, reset behavior for pending HTTP/2 control frames, gRPC buffer chain resets on upstream reinitialization, local address resets on errors, and overflow detection in Cache-Control delta-seconds parsing.
It’s also worth noting that the upstream keepalive module is now enabled by default. Moreover, many additional fixes have been implemented across other server components. To see all of them in detail, refer to the changelog.
