What about BREACH (CVE-2013-3587)?

J.R. themadbeaker at gmail.com
Tue Feb 4 20:38:30 UTC 2020

> testssl.ch still laments about BREACH, when tested against a recent
> nginx 1.16.
> Qualys ssllabs doesn't mention it at all.
> Is it fixed?
> Can you safely enable gzip on ssl-vhosts?

I think you are confusing TLS compression with HTTP compression...

More information about the nginx mailing list