i recently had to dig deeper into nginx + ssl-setup and came up with a
short documentation on how to setup and run nginx as
including SPDY. beside basic configuration this guide covers
Perfect Forward Secrecy(PFS) and the latest and greatest ssl-based
CRIME, BEAST, and Lucky Thirteen.
a guid on howto nginx + authorization via client certs will be included
the next version of this document
i’ll investigate that gzip-comment, but from what i read so far:
http-compression even in https is ok, while ssl/tls-compression is not;
include any findings and solution, but i’m not finished with that yet.
We had a discussion on this list recently about using gzip in the SSL
On Aug 17 Igor S. wrote:
You have to split the dual mode server section into two server server sections
and set “gzip off”
SSL-enabled on. There is no way to disable gzip in dual mode server section, but
if you really
worry about security in general the server sections should be different.