NGINX 1.30 Released as New Stable Branch With Early Hints and ECH

NGINX has released version 1.30, marking the start of a new stable branch for one of the most widely used web servers, powering more than 32% of websites globally.

This release introduces several major features, including support for HTTP Early Hints, HTTP/2 connections to upstream servers, integration of OpenSSL ECH for Encrypted ClientHello, sticky sessions for upstreams, and Multipath TCP. Additionally, the default upstream HTTP version has been updated to HTTP/1.1 with keep-alive enabled.

TLS and SSL capabilities have also been expanded. Key updates include certificate compression, support for loading keys via OSSL_STORE, compressed server certificates with BoringSSL, new $ssl_sigalg and $ssl_client_sigalg variables, improved SNI handling using the ClientHello callback, and enhanced compatibility with OpenSSL 4.0.

On the HTTP side, NGINX 1.30 improves handling of repeated 103 responses, enables proper delivery of Early Hints over HTTP/2, adds indexed field line encoding for “103 Early Hints” in HTTP/3, and resolves issues related to :authority and Host headers in both HTTP/2 and HTTP/3. It also introduces HTTP CONNECT infrastructure along with a new max_headers directive.

HTTP/3 has received numerous fixes and enhancements, including improvements to variable-length integer handling, acknowledgment behavior under constrained congestion windows, fixes for handshake-related segmentation faults, better stateless reset handling, worker-specific stateless reset tokens, BPF compilation support for newer Linux kernels, integration with the OpenSSL 3.5 QUIC API, and various compatibility updates.

Beyond that, version 1.30 addresses multiple issues related to HTTP/2 upstream support and sticky sessions. Fixes include gRPC request reinitialization with Early Hints, upstream caching problems, segmentation faults during URI changes in proxying, reset handling for pending HTTP/2 control frames, buffer chain resets in gRPC, local address reset handling on errors, and overflow detection in Cache-Control delta-seconds parsing.

nginxIt’s also worth noting that the upstream keepalive module is now enabled by default. In addition, numerous smaller fixes and improvements have been made across different server components. For a complete list of changes, the official changelog provides full details.