This is documented. Quote from
http://nginx.org/en/docs/http/ngx_http_gzip_module.html
*When using the SSL/TLS protocol, compressed responses may be subject to
BREACH https://en.wikipedia.org/wiki/BREACH attacks. *
On Tue, Feb 4, 2020 at 1:35 PM Rainer Duffner <rainer@ultra-secure.de>
wrote:
>
>
> Am 04.02.2020 um 21:38 schrieb J.R. <themadbeaker@gmail.com>:
>
> I think you are confusing TLS compression with HTTP compression...
>
>
>
>
> Probably.
> I read that later somewhere else.
>
> I just wonder why it’s lumped-in in testssl.sh.
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx