trying to disable gzip
Jeffrey Walton
noloader at gmail.com
Thu Oct 19 17:22:30 UTC 2023
On Thu, Oct 19, 2023 at 12:36 AM alienmega via nginx <nginx at nginx.org> wrote:
>
> Thank you for the information. I didn't notice I was looking at the wrong place. It turns out that the culprit is Cloudflare. If I don't use it, I can see the gzip going on and off (as expected), but as soon as I use Cloudflare, it overwrites that response. Now I need to check on Cloudflare if there is any way to turn it off.

One comment about 3rd parties, like Cloudflare... Remember, the cloud
is just someone else's machine. If Cloudflare is supporting protocols
like SPDY, then compression is baked into the protocol. You cannot
disable compression in this case. So compression may be available and
used on their web servers whether you want it or not.

An easier way to avoid CRIME and BREACH may be to use TLS v1.2 and
above with AEAD cipher modes like CCM or GCM since CRIME and BREACH
were timing attacks on cipher modes like CBC. Stream ciphers should
avoid the problem, too, like TLS v1.3's ChaCha20-Poly1305.

Jeff