"SSL compression" config & usage when SPDY's in use?

Maxim Dounin mdounin at mdounin.ru
Thu Jul 12 21:30:59 UTC 2012


Hello!

On Thu, Jul 12, 2012 at 11:42:19AM -0700, pgndev wrote:

> I'm running
> 
> 	nginx 1.3.3 + spdy/47
> 
> SPDY's enabled and functioning.  At least it's seen in headers,
> detected by browsers, etc.
> 
> In Chromium, SSL site-cert popup reports
> 
> 	"The connection does not use SSL compression."
> 
> Reading
> 
> 	SSL, Compression, and You
> 	http://www.belshe.com/2010/11/18/ssl-compression-and-you/
> 
> 	Nginx memory usage with SSL
> 	http://www.toofishes.net/blog/nginx-memory-usage-ssl/
> 
> 	http://trac.nginx.org/nginx/changeset/4186/nginx
> 
> 	http://trac.nginx.org/nginx/changeset/4187/nginx
> 
> I'm a bit confused as to what the expected/preferred behavior is, re:
> SSL compression,
> 
> I've built against,
> 
> 	openssl version
> 		OpenSSL 1.0.1c 10 May 2012
> 
> so both
> 
> 	SSL_OP_NO_COMPRESSION
> 	SSL_MODE_RELEASE_BUFFERS
> 
> are certainly available.  I understand they're disabled in nginx by
> default ... just unclear what should be done, and the result with it,
> when SPDY's in the loop.
> 
> should Compression be ON?  how, exactly, should that be config'd with spdy?
> 
> any comment/clarification would be appreciated.

SPDY changes nothing here.  Or, more stictly, it makes SSL 
compression even more pointless, as it introduces headers 
compression on it's own layer.

Maxim Dounin



More information about the nginx-devel mailing list