Last checked and updated on 05 Jun 2026
What Is New in NGINX 1.24
This release introduces new features, performance improvements, and essential bug fixes. The main focus is on enhancing the HTTP/3 implementation and refining core functionality.
| Category | Key Changes |
|---|---|
| New Features | HTTP/3 support, New ssl_conf_command directive |
| Improvements | SSL performance, QUIC handling, PCRE2 library support |
| Bug Fixes | Resolver, HTTP/2, SSL, Memory allocation issues |
What are the major HTTP and QUIC enhancements?
The headline feature is the graduation of HTTP/3 support from experimental to stable. This means you can now use the quic parameter in the listen directive for production deployments.
In practice, this allows services to leverage the modern QUIC transport protocol, which reduces latency and improves performance on lossy networks compared to TCP. The implementation now handles connection migrations more robustly, a key aspect of QUIC's mobility support.
Example Configuration
server {
listen 443 quic reuseport;
listen 443 ssl;
ssl_certificate cert.pem;
ssl_certificate_key key.pem;
...
}How is SSL/TLS configuration more flexible now?
A new ssl_conf_command directive provides direct access to OpenSSL configuration. This gives engineers fine-grained control over SSL context settings that were previously difficult or impossible to manage from within NGINX.
This matters because it unlocks advanced TLS tuning. You can now set specific OpenSSL parameters like SessionTicket options or curves for key exchange without waiting for NGINX to implement a dedicated directive for each one.
Example Usage
ssl_conf_command Options SessionTicket;
ssl_conf_command ECParameters prime256v1;What core performance and stability improvements were made?
Several under-the-hood optimizations boost efficiency. SSL shutdown handling was reworked to be more efficient, and the PCRE2 library is now supported alongside the original PCRE, offering potential performance gains in regex matching for location and rewrite rules.
Numerous bug fixes address edge cases. Issues with the resolver crashing on malformed responses, memory leaks during SSL renegotiation, and HTTP/2 request cancellation were resolved, leading to a more stable and reliable server.
FAQ
Is HTTP/3 enabled by default in NGINX 1.24?
No, it still requires explicit configuration. You must add the quic parameter to your listen directive and build NGINX with the appropriate SSL library that supports QUIC (like BoringSSL or a QUIC-compatible OpenSSL fork).
Does the new ssl_conf_command directive replace existing SSL directives?
No, it complements them. It is used for setting OpenSSL-specific parameters that don't have a dedicated NGINX directive. Standard directives like ssl_ciphers or ssl_protocols should still be used for those purposes.
What was the most critical bug fix in this release?
The fix for a bug where a worker process could terminate due to a malformed DNS response from a resolver is significant. It prevents a potential denial-of-service scenario if an upstream resolver sends bad data.
Should I switch from PCRE to PCRE2?
It depends. PCRE2 is actively maintained and may offer better performance and security. If you are building NGINX from source, you can now choose to link against PCRE2 instead. For most binary packages, the distributor will have chosen the default.
Are there any changes to how I should configure HTTP/2?
No, the configuration remains the same (http2 parameter in the listen directive). The changes were internal bug fixes to improve stability, not configuration syntax.