We had a discussion on this list recently about using gzip in the SSL block.
On Aug 17 Igor Sysoev wrote: >You have to split the dual mode server section into two server server sections >and set "gzip off" >SSL-enabled on. There is no way to disable gzip in dual mode server section, >but if you really >worry about security in general the server sections should be different. On Sun, Sep 8, 2013 at 10:50 AM, mex <[email protected]> wrote: > hi list, > > i recently had to dig deeper into nginx + ssl-setup and came up with a > short documentation on how to setup and run nginx as SSL-Gateway/Offload, > including SPDY. beside basic configuration this guide covers HSTS-Headers, > Perfect Forward Secrecy(PFS) and the latest and greatest ssl-based attacks > like > CRIME, BEAST, and Lucky Thirteen. > > Link: http://www.mare-system.de/blog/page/1378546400/ > > the reason for this 321th guide to nginx+ssl: i did not found any valid > source that covers all aspects, including spdy and hsts, so i made this > collection and will keep it updated. > > comments and critics appreciated > > > > regards, > > > mex > > Posted at Nginx Forum: > http://forum.nginx.org/read.php?2,242672,242672#msg-242672 > > _______________________________________________ > nginx mailing list > [email protected] > http://mailman.nginx.org/mailman/listinfo/nginx _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
