Bad Decompression error after default ssl_session_timeout

Maxim Dounin mdounin at
Wed May 23 08:24:44 UTC 2012


On Wed, May 23, 2012 at 03:03:33AM -0400, lima wrote:

> Thanks for the reply.
> The first solution has solved the problem!! unfortunately we cannot make
> proxy_ssl_session_reuse off, as it may affect the performance. And the
> second option given by you is also cannot be done as the system team has
> some concern over it. The Openssl version we are using is the latest one
> supported by the CentOS version we are using.
> Is it possible to configure/compile nginx without zlib support?

This isn't about nginx and zlib support, it's about OpenSSL and 
zlib support.

The zlib support in the OpenSSL version you are using is known to 
have problems, and it can't be switched off dynamically as the 
SSL_OP_NO_COMPRESSION option appeared only in OpenSSL 1.0.0.

Another workaround you may try is to force SSLv2 between nginx and 
backend servers (by using appropriate settings on backends), it 
should eliminate compression as it's not supported in SSLv2 

You may also try compiling nginx statically with newer version of 
OpenSSL (or the same one, but without zlib support) by using 
./configure --with-openssl=..., it might help as well.

> Again, is the gzip module creating problem here? We tried with gzip on
> and off but still it was giving the same problem.

No, gzip module is completely unrelated.

Maxim Dounin

More information about the nginx mailing list