On Aug 17, 2013, at 8:59 , howard chen wrote:
> Hi,
>
> As you know, due the breach attack (http://breachattack.com), HTTP compression is no longer safe (I assume nginx don't use SSL compression by default?), so we should disable it.
Yes, modern nginx versions do not use SSL compression.
> Now, We are using config like the following:
>
> gzip on;
> ..
>
> server {
> listen 127.0.0.1:80 default_server;
> listen 127.0.0.1:443 default_server ssl;
>
>
>
> With the need to split into two servers section, is it possible to turn off gzip when we are using SSL?
You have to split the dual mode server section into two server server sections and set "gzip off"
SSL-enabled on. There is no way to disable gzip in dual mode server section, but if you really
worry about security in general the server sections should be different.
--
Igor Sysoev
http://nginx.com/services.html
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx