Bad Decompression error after default ssl_session_timeout
Maxim Dounin
mdounin at mdounin.ru
Wed May 23 08:24:44 UTC 2012
Hello!
On Wed, May 23, 2012 at 03:03:33AM -0400, lima wrote:
> Thanks for the reply.
>
> The first solution has solved the problem!! unfortunately we cannot make
> proxy_ssl_session_reuse off, as it may affect the performance. And the
> second option given by you is also cannot be done as the system team has
> some concern over it. The Openssl version we are using is the latest one
> supported by the CentOS version we are using.
>
> Is it possible to configure/compile nginx without zlib support?
This isn't about nginx and zlib support, it's about OpenSSL and
zlib support.
The zlib support in the OpenSSL version you are using is known to
have problems, and it can't be switched off dynamically as the
SSL_OP_NO_COMPRESSION option appeared only in OpenSSL 1.0.0.
Another workaround you may try is to force SSLv2 between nginx and
backend servers (by using appropriate settings on backends), it
should eliminate compression as it's not supported in SSLv2
protocol.
You may also try compiling nginx statically with newer version of
OpenSSL (or the same one, but without zlib support) by using
./configure --with-openssl=..., it might help as well.
> Again, is the gzip module creating problem here? We tried with gzip on
> and off but still it was giving the same problem.
No, gzip module is completely unrelated.
Maxim Dounin
More information about the nginx
mailing list