We had a discussion on this list recently about using gzip in the SSL block.
On Aug 17 Igor Sysoev wrote:
>You have to split the dual mode server section into two server server sections and set "gzip off"
>SSL-enabled on. There is no way to disable gzip in dual mode server section, but if you really
>worry about security in general the server sections should be different.
On Sun, Sep 8, 2013 at 10:50 AM, mex <nginx-forum@nginx.us> wrote:
> hi list,
>
> i recently had to dig deeper into nginx + ssl-setup and came up with a
> short documentation on how to setup and run nginx as SSL-Gateway/Offload,
> including SPDY. beside basic configuration this guide covers HSTS-Headers,
> Perfect Forward Secrecy(PFS) and the latest and greatest ssl-based attacks
> like
> CRIME, BEAST, and Lucky Thirteen.
>
> Link: http://www.mare-system.de/blog/page/1378546400/
>
> the reason for this 321th guide to nginx+ssl: i did not found any valid
> source that covers all aspects, including spdy and hsts, so i made this
> collection and will keep it updated.
>
> comments and critics appreciated
>
>
>
> regards,
>
>
> mex
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,242672,242672#msg-242672
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx