"The connection is not compressed" from Chrome with SSL

jpiasetz asked:

I’m running nginx with SSL on Ubuntu 10.04LTS. Chrome gives me this annoying warning when I inspect the certificate:

The connection is not compressed.

In the response it looks like it is being sent gzipped though:

Cache-Control:no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type:text/html; charset=utf-8
Date:Sun, 12 Feb 2012 09:00:38 GMT
Expires:Thu, 19 Nov 1981 08:52:00 GMT

My answer:

Since this question was asked, a serious security vulnerability (the BEAST attack) was discovered making it possible to compromise an SSL/TLS session if the SSL/TLS session is compressed. To mitigate this, both servers and browsers are beginning to disable compression; you will need to use HTTP compression instead, and that only sparingly if at all, to mitigate yet another vulnerability (the CRIME attack).

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.