Certificate compression not usable in 1.29.1 Docker images

[marvinruder]

Bug Overview

nginx 1.29.1 introduced support for certificate compression. When attempting to use this configuration option by setting

ssl_certificate_compression on;

the log message

nginx: [warn] SSL_CTX_compress_certs() failed, ignored

is printed and no certificate compression is in use.

Expected Behavior

Certificate compression is active.

Steps to Reproduce the Bug

Set ssl_certificate_compression on; and configure any SSL certificate in nginx.conf, then start container.

Environment Details

• Version/release of Docker and method of installation: Docker version 28.3.2, build 1.fc42
• Version of the Docker NGINX image or specific commit: 1.29.1, index digest sha256:2459838ed006e699c252db374550c91490068bbf3b35fa8b9d29bfe0e31b8b95
• Target deployment platform: Docker Compose version 2.39.1
• Target OS: Fedora CoreOS 42.20250721.3.0

Additional Context

It appears that openssl in at least the Alpine-based images is not compiled with support for any compression algorithm referenced in RFC 8879 (see Disabled features in latest build log). Perhaps nginx can include a differently compiled variant of openssl in their images?

[oxpa]

supporting our own build of openssl is quite a bit different challenge altogether. I don't think I want to go down that rabbit hole. If the base distro doesn't support openssl version needed - work with them to bring in the one you need. Or choose another distro.