This switches to a fully custom log format instead of using a variant of
the standard combined format since we don't use any tools requiring the
logs to be a standard format. This provides a cleaner format, allows us
to freely add new fields and gets rid of legacy/redundant fields.
The redundant timestamp already provided as the syslog timestamp is
dropped along with the legacy identd field always set to a dash.
This adds the connection serial number for identifying requests coming
from the same connection. TLS version is added as a replacement for our
previous addition of the URI scheme. This also adds the total request
length and total bytes sent to the client instead of only the body bytes
sent.
This only improves performance for the initial page load by sending
resources that are almost always needed before the client receives the
preload headers and fetches them. It can degrade performance in some
edge cases such as clients with web fonts disabled or if the session
cookie is cleared without the cache being cleared. Clients can cancel
the push transfers once they start receiving them, but it's wasteful.
Safari and Firefox still support this feature but are likely to follow
the lead of Chromium and drop support for it. Few websites are going to
bother with it without Chromium support and usage is already dropping.
The purpose of this document was to respond to false claims from James
Donaldson about myself and GrapheneOS. He changed his story about what
happened many times since this was posted. He didn't move forward with
his attempt at taking us to court and this was never used beyond being
posted on our site as a public response.
Nearly all of his supporters realized he was misleading them and left
for greener pastures. Most of them are now using GrapheneOS. We don't
need to refute outdated attacks on GrapheneOS from a person that's now
almost completely irrelevant, especially since he's now trying not to
draw attention to this since he came out looking so terrible. He quietly
misleads people about what happened with his latest historical revisions
and those are countered better by our newer pages summarizing it.
This is useless for TLSv1.3 since there's no longer any distinction in
the protocol based on whether the server is using stateless or stateful
session resumption. OpenSSL has a non-standard anti-replay mechanism for
0-RTT based on stateful session resumption but 0-RTT still ends up being
a downgrade for the TLS security properties. nginx disables that feature
since otherwise 0-RTT wouldn't work with the default stateless approach.
Since this cache is only used for TLSv1.2 when stateless resumption
isn't disabled and nearly all TLSv1.2 clients support tickets, it isn't
getting any significant use. It provides worse forward secrecy than
tickets because we implement ticket key rotation based on the expiry
time and sessions aren't actively purged from the stateful cache when
they expire. Cached session state varies in size and nginx ends up
writing errors to the log when clearing out a session fails to make room
for a new one due to it being larger. It's best to finally get rid of
this flawed approach to session resumption.
TLSv1.3 provides the option of forward secrecy for resumed sessions and
it's the only approach that's normally enabled so we don't need to worry
about this anymore once TLSv1.2 is disabled as long as we never enable
0-RTT which weakens forward secrecy and other security properties.
Since merge_slashes gets rid of the redundant slashes, a no-op rewrite
will get rid of all of them at once instead of requiring one redirect to
get rid of each redundant slash.
This avoids needing to conditionally add nopush to each preloaded
resource in the Link header. There's also no support for pushing
JavaScript modules via http2_push_preload since nginx doesn't have
support for rel=modulepreload.
