New Nginx 1.28: Enhanced Features

On April 23, 2025, the Nginx development team officially announced a new version of the popular web server — Nginx 1.28.0. This is a major stable branch release that includes a number of important performance, security, and functionality improvements.

Key Changes in Nginx 1.28

1. CUBIC Support for QUIC

Added CUBIC congestion control algorithm (RFC 9438) for QUIC connections. In tests, CUBIC accelerated the transfer of a 500 MB file by 24% at 40 ms latency and 73% at 100 ms latency, especially effective on high BDP connections.

2. Improvements to the Stream Module

• Support for checking client certificate revocation via OCSP.
• Implementation of OCSP Stapling: a server itself provides a CA-authenticated response without a direct request to the CA.
• Enabled caching of SSL certificates, keys, and CRLs on startup and configuration update.

3. TLS Optimization

• Added SSL context inheritance between server and location blocks to reduce CPU load.
• The ssl_client_certificate directive is no longer required to validate client certificates.
• Support for certificates with extended information.
• Increased size of SSL sessions in shared memory up to 8192.
• TLSv1 and TLSv1.1 are disabled by default.

4. Improvements in Proxy, Upstrea, and Bind Directives

• Added proxy_pass_trailers directive to pass trailing headers from the proxied server.
• Added a resolve parameter to the server directive inside the upstream to ensure automatic IP update without restarting.
• IPv6 addresses can now be specified in square brackets in proxy_bind, grpc_bind, realip, etc. directives.

5. New Connection Management Features

• Introduced keepalive_min_timeout directive, allowing to specify minimum timeout for keep-alive connections.
• Improved performance with gzip, gunzip, ssi, sub_filter, grpc_pass - reduced memory consumption in long-lived requests.

6. Additions for Mail Proxy

• Added support for SmarterMail-specific IMAP LOGIN mode with untagged CAPABILITY response to ngx_mail_proxy_module.

7. Musl and HTTP/3 Support

• Provided a stable build with Musl C-library.
• Optimized performance and fixed bugs in HTTP/3 implementation.

Compatibility and Upgrades

Nginx 1.28 is fully compatible with configurations of the previous version (1.26), but the developers recommend to carefully read the official documentation before upgrading, especially in case of using non-standard modules.

For users using official repositories, the update is available through the standard package manager.