How to turn off gzip compression for SSL traffic

Adie Nurahmadie nurahmadie at gmail.com
Sun Aug 18 17:46:47 UTC 2013


I think you mistake ssl/tls level compression with gzip http compression,
both are different.

If you put gzip in http section, all server sections under this http will
inherits this gzip config.

This is why Igor recommends you to split the server config for SSL and
non-SSL, and put 'gzip on' only at the non-SSL one.




On Mon, Aug 19, 2013 at 12:15 AM, Jonathan Matthews <contact at jpluscplusm.com
> wrote:

> On 18 August 2013 18:09, itpp2012 <nginx-forum at nginx.us> wrote:
> > Igor Sysoev Wrote:
> > -------------------------------------------------------
> >> Yes, modern nginx versions do not use SSL compression.
> > [...]
> >> You have to split the dual mode server section into two server server
> >> sections and set "gzip off"
> >> SSL-enabled on. There is no way to disable gzip in dual mode server
> >> section, but if you really
> >> worry about security in general the server sections should be
> >> different.
> >
> > If modern versions do not use ssl compression why split a dual mode
> server?
> > If gzip is on in the http section, what happens then to the ssl section
> of a
> > dual mode server?
>
> +1
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>



-- 
regards,
Nurahmadie
--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20130819/6c5c616c/attachment.html>


More information about the nginx mailing list