It has been 11 months since I last enabled TLS 1.3 for nginx. After nearly a year, many nginx-related programs and patches have undergone significant changes: OpenSSL has released beta versions of 1.1.1, the latest being 1.1.1-pre8 (Beta 6) at the time of writing. nginx has been updated to version 1.15.1. Bugs in nginx's HPACK patch (HTTP header compression) have been fixed by subsequent patches; using the original HPACK patch causes abnormal website access, manifesting as protocol errors when attempting to load subsequent pages after the first. A developer has released an OpenSSL patch enabling the latest OpenSSL to simultaneously support TLS 1.3 draft versions 23, 26, and 28. Let's Encrypt certificates now include Certificate Transparency information by default,...

Enabling TLS 1.3 for nginx and Passing to FastCGI Backends
OpenSSL provides experimental support for TLS 1.3 in its latest beta version, including a series of performance and security optimizations. The latest nginx 1.13 series has also added the relevant options for TLS 1.3. However, since TLS 1.3 is still in draft status, using it now involves some challenges: TLS 1.3 currently has three draft versions (18, 19, 20) implemented by OpenSSL and others, but they are mutually incompatible, and no single SSL library supports all three. Browsers like Chrome and Firefox widely use draft version 18, but this version of OpenSSL doesn't support TLS extensions, which are required for Certificate Transparency. Although the latest nginx-ct plugin adds Certificate Transparency support for TLS 1.3, due to issue #2,...
OpenSSL "Heartbleed" Vulnerability Causes Huge Impact
On April 8, 2014, Microsoft officially discontinued support services for Windows XP. On the same day, April 8, 2014, the widely used open-source SSL library OpenSSL was found to contain the "Heartbleed" vulnerability. Nearly all current IDS systems and firewalls offer no protection against this vulnerability. SSL, short for Secure Socket Layer, is a widely used encryption protocol on the internet that prevents data from being eavesdropped during transmission between users and servers. OpenSSL is an open-source implementation of SSL; by calling it, any software can easily establish SSL-encrypted connections without having to implement SSL from scratch. The HTTPS protocol uses SSL to protect user data, and major websites redirect users to HTTPS pages during login to safeguard user information. However,...