"The connection is not compressed" from Chrome with SSL

jpiasetz asked:

I’m running nginx with SSL on Ubuntu 10.04 LTS. Chrome gives me this annoying warning when I inspect the certificate:

The connection is not compressed.

In the response it looks like it is being sent gzipped though:

Cache-Control:no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection:keep-alive
Content-Encoding:gzip
Content-Type:text/html; charset=utf-8
Date:Sun, 12 Feb 2012 09:00:38 GMT
Expires:Thu, 19 Nov 1981 08:52:00 GMT
Pragma:no-cache
Server:nginx/1.0.5
Transfer-Encoding:chunked
Vary:Accept-Encoding
X-Powered-By:PHP/5.3.6-13ubuntu3.3

My answer:


Since this question was asked, a serious security vulnerability (the BEAST attack) was discovered making it possible to compromise an SSL/TLS session if the SSL/TLS session is compressed. To mitigate this, both servers and browsers are beginning to disable compression; you will need to use HTTP compression instead, and that only sparingly if at all, to mitigate yet another vulnerability (the CRIME attack).


View the full question and answer on Server Fault.
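
Chrome's message describes compression at the SSL/TLS layer, while `Content-Encoding:gzip` in the response is HTTP-level compression; the two are independent. The following is an added example, not part of the original question or answer, that reports each layer separately. The function names and the trimmed header sample are constructed for illustration.

```python
import socket
import ssl

# Constructed sample: a subset of the response headers quoted in the question.
SAMPLE_HEADERS = """\
Connection:keep-alive
Content-Encoding:gzip
Content-Type:text/html; charset=utf-8
Server:nginx/1.0.5
Transfer-Encoding:chunked
Vary:Accept-Encoding
"""

def http_compression(raw_headers):
    """Return the Content-Encoding codings (lower-cased) from a header block."""
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "content-encoding":
            codings = [c.strip().lower() for c in value.split(",")]
            return [c for c in codings if c and c != "identity"]
    return []

def report(tls_compression, raw_headers):
    """Describe both layers; tls_compression is SSLSocket.compression()'s value."""
    codings = http_compression(raw_headers)
    return {
        "tls_layer": tls_compression or "none",
        "http_layer": ",".join(codings) or "none",
        # Following the answer: TLS compression off, HTTP compression sparingly.
        "tls_ok": tls_compression is None,
        "review_http": bool(codings),
    }

def probe_tls_compression(host, port=443, timeout=5.0):
    """Handshake with a server you administer and return the negotiated TLS
    compression method as a string, or None if the connection is not compressed."""
    ctx = ssl.create_default_context()
    # Python disables TLS compression by default; offer it here so a server
    # that still accepts it shows up. OpenSSL builds without compression
    # support will report None regardless of the server's configuration.
    ctx.options &= ~ssl.OP_NO_COMPRESSION
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.compression()

if __name__ == "__main__":
    # Offline run: no TLS compression, gzip at the HTTP layer (the question's state).
    print(report(None, SAMPLE_HEADERS))
```

`probe_tls_compression` needs network access and is not called by the offline run; pass its result to `report` together with the headers captured from the same server.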

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.