How to turn off gzip compression for SSL traffic
Igor Sysoev
igor at sysoev.ru
Sat Aug 17 12:43:51 UTC 2013
On Aug 17, 2013, at 8:59 , howard chen wrote:
> Hi,
>
> As you know, due the breach attack (http://breachattack.com), HTTP compression is no longer safe (I assume nginx don't use SSL compression by default?), so we should disable it.
Yes, modern nginx versions do not use SSL compression.
> Now, We are using config like the following:
>
> gzip on;
> ..
>
> server {
> listen 127.0.0.1:80 default_server;
> listen 127.0.0.1:443 default_server ssl;
>
>
>
> With the need to split into two servers section, is it possible to turn off gzip when we are using SSL?
You have to split the dual mode server section into two server server sections and set "gzip off"
SSL-enabled on. There is no way to disable gzip in dual mode server section, but if you really
worry about security in general the server sections should be different.
--
Igor Sysoev
http://nginx.com/services.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20130817/2c490317/attachment.html>
More information about the nginx
mailing list