On Aug 17, 2013, at 8:59 , howard chen wrote:
> Hi,
>
> As you know, due the breach attack (http://breachattack.com), HTTP
> compression is no longer safe (I assume nginx don't use SSL compression by
> default?), so we should disable it.
Yes, modern nginx versions do not use SSL compression.
> Now, We are using config like the following:
>
> gzip on;
> ..
>
> server {
> listen 127.0.0.1:80 default_server;
> listen 127.0.0.1:443 default_server ssl;
>
>
>
> With the need to split into two servers section, is it possible to turn off
> gzip when we are using SSL?
You have to split the dual mode server section into two server server sections
and set "gzip off"
SSL-enabled on. There is no way to disable gzip in dual mode server section,
but if you really
worry about security in general the server sections should be different.
--
Igor Sysoev
http://nginx.com/services.html
_______________________________________________
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx
