How to turn off gzip compression for SSL traffic

Igor Sysoev igor at
Mon Aug 19 04:41:41 UTC 2013

On Aug 18, 2013, at 21:09 , itpp2012 wrote:

> Igor Sysoev Wrote:
> -------------------------------------------------------
>> Yes, modern nginx versions do not use SSL compression.
> [...]
>> You have to split the dual mode server section into two server server
>> sections and set "gzip off"
>> SSL-enabled on. There is no way to disable gzip in dual mode server
>> section, but if you really
>> worry about security in general the server sections should be
>> different.
> If modern versions do not use ssl compression why split a dual mode server?
> If gzip is on in the http section, what happens then to the ssl section of a
> dual mode server?

These are different vulnerabilities: SSL compression is subject to
CRIME vulnerability while HTTP/SSL compression is subject to BREACH

Igor Sysoev

More information about the nginx mailing list