<div dir="ltr"><div>This is documented. Quote from <a href="http://nginx.org/en/docs/http/ngx_http_gzip_module.html">http://nginx.org/en/docs/http/ngx_http_gzip_module.html</a></div><div><br></div><div><b>When using the SSL/TLS protocol, compressed responses may be subject to
<a href="https://en.wikipedia.org/wiki/BREACH">BREACH</a> attacks.
</b></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Feb 4, 2020 at 1:35 PM Rainer Duffner <<a href="mailto:rainer@ultra-secure.de">rainer@ultra-secure.de</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="overflow-wrap: break-word;"><br><div><br><blockquote type="cite"><div>On 04.02.2020 at 21:38, J.R. <<a href="mailto:themadbeaker@gmail.com" target="_blank">themadbeaker@gmail.com</a>> wrote:</div><br><div><span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;float:none;display:inline">I think you are confusing TLS compression with HTTP compression...</span><br style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"></div></blockquote></div><br><div><br></div><div><br></div><div>Probably.</div><div>I read that later somewhere else.</div><div><br></div><div>I just wonder why it’s lumped-in in testssl.sh.</div><div><br></div><div><br></div></div>_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a></blockquote></div>
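The distinction drawn in this thread, as an added example that is not part of the original messages or of nginx or testssl.sh: a small Python check that reports TLS-level compression and HTTP-level compression as two separate findings. It assumes the response was fetched over TLS; the function names, the result keys and the sample responses are constructed for illustration.

```python
# Added example: keeps TLS-level and HTTP-level compression as separate findings.
# Inputs are constructed samples; nothing here contacts a server.

HTTP_CODINGS = {"gzip", "x-gzip", "deflate", "compress", "br", "zstd"}


def parse_head(raw: bytes) -> dict:
    """Parse a raw HTTP/1.x response head into {lowercased-name: [values]}."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def compression_findings(tls_compression, raw_response: bytes) -> dict:
    """tls_compression: value returned by ssl.SSLSocket.compression() (None = off)."""
    headers = parse_head(raw_response)
    codings = []
    for value in headers.get("content-encoding", []):
        codings += [c.strip().lower() for c in value.split(",") if c.strip()]
    http_compressed = [c for c in codings if c in HTTP_CODINGS]
    return {
        # Negotiated in the TLS handshake; unrelated to nginx's gzip module.
        "tls_compression": tls_compression,
        # Applied to the response body by the HTTP server (e.g. "gzip on;").
        "http_compression": http_compressed,
        # The caveat quoted from the nginx docs concerns this layer only.
        "breach_note_applies": bool(http_compressed),
    }


# Constructed sample response heads.
GZIPPED = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
           b"Content-Encoding: GZip\r\nVary: Accept-Encoding\r\n\r\n")
PLAIN = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
IDENTITY = b"HTTP/1.1 200 OK\r\nContent-Encoding: identity\r\n\r\n"

if __name__ == "__main__":
    for sample in (GZIPPED, PLAIN, IDENTITY):
        print(compression_findings(None, sample))
```

On a live connection the first argument would come from `ssl.SSLSocket.compression()` after the handshake, and the second from the response to a request sent with `Accept-Encoding: gzip`.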