Hi, You're mixing up the concepts of TLS compression and HTTP compression. They are different things. Indeed TLS compression is not advised due to security concerns.
However, this has nothing to do with HTTP compression, which is normally done using gzip or brotli algorithms, and specified as "Content-Encoding" on the HTTP header. HTTP compression is generally advised when you often provide highly compressible files (like HTMLs) but keep in mind that it has a CPU cost noticeable for very intense traffic sites. That's why sometimes you might want to use HAProxy to compress HTTP responses to offload the CPU cost from your backend server. In HAProxy you can use http://www.libslz.org/, which provides ultra-fast compression with the gzip algorithm. BR., Emerson Em seg., 21 de fev. de 2022 às 14:26, Tom Browder <[email protected]> escreveu: > I'm getting ready to try 2.5 HAProxy on my system and see http comression > is recommended. > > I am running Apache 2.4.52 and have for years tried to keep its TLS > security as good as possible according to what advice I get from the Apache > docs and SSL Labs. From those sources I thought https should not use > compression because of some known exploit, so I'm not currently using it. > My sites get an A+ rating from SSL Labs testing. > > So, not being at all an expert, I plan not to use the compression > (although I've always wanted to). Perhaps I'm not as up-to-date as I > should be (this is a hobbly, but it's an important one, although I can't > spend the time on it I would like to). > > Your thoughts and advice are appreciated. > > -Tom >
