Mercurial > hg > nginx-site
diff xml/en/docs/http/ngx_http_gzip_module.xml @ 2354:a4ef92436fbc
Documented BREACH attack vulnerability for the gzip module.
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Wed, 27 Mar 2019 15:25:14 +0300 |
parents | ca7568f67dee |
children |
line wrap: on
line diff
--- a/xml/en/docs/http/ngx_http_gzip_module.xml Tue Mar 26 17:19:37 2019 +0300 +++ b/xml/en/docs/http/ngx_http_gzip_module.xml Wed Mar 27 15:25:14 2019 +0300 @@ -10,7 +10,7 @@ <module name="Module ngx_http_gzip_module" link="/en/docs/http/ngx_http_gzip_module.html" lang="en" - rev="4"> + rev="5"> <section id="summary"> @@ -18,6 +18,10 @@ The <literal>ngx_http_gzip_module</literal> module is a filter that compresses responses using the “gzip” method. This often helps to reduce the size of transmitted data by half or even more. +<note> +When using the SSL/TLS protocol, compressed responses may be subject to +<link url="https://en.wikipedia.org/wiki/BREACH">BREACH</link> attacks. +</note> </para> </section>