How to turn off gzip compression for SSL traffic

Igor Sysoev igor at
Mon Aug 19 04:43:02 UTC 2013

On Aug 18, 2013, at 14:27 , howard chen wrote:

> Hi,
> Thanks for the insight.
> Finally I solved by:
> if ($scheme = https) {
>     gzip off;
> }

This does not work on server level. And on location level it may work in wrong way.

> Separating into two servers require to duplicate the rules like rewrite, which is cumbersome.

I believe that dual mode server block may be subject to vulnerabilities due to site map,
so BREACH is the least of them.

Igor Sysoev

> On Sat, Aug 17, 2013 at 8:43 PM, Igor Sysoev <igor at> wrote:
> On Aug 17, 2013, at 8:59 , howard chen wrote:
>> Hi,
>> As you know, due the breach attack (, HTTP compression is no longer safe (I assume nginx don't use SSL compression by default?), so we should disable it.
> Yes, modern nginx versions do not use SSL compression.
>> Now, We are using config like the following:
>>     gzip on;
>>     ..
>>     server {
>>         listen default_server;
>>         listen default_server ssl;
>> With the need to split into two servers section, is it possible to turn off gzip when we are using SSL?
> You have to split the dual mode server section into two server server sections and set "gzip off"
> SSL-enabled on. There is no way to disable gzip in dual mode server section, but if you really
> worry about security in general the server sections should be different.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list