3

I'm running nginx with SSL on Ubuntu 10.04LTS. Chrome gives me this annoying warning when I inspect the certificate:

The connection is not compressed.

In the response it looks like it is being sent gzipped though:

Cache-Control:no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection:keep-alive
Content-Encoding:gzip
Content-Type:text/html; charset=utf-8
Date:Sun, 12 Feb 2012 09:00:38 GMT
Expires:Thu, 19 Nov 1981 08:52:00 GMT
Pragma:no-cache
Server:nginx/1.0.5
Transfer-Encoding:chunked
Vary:Accept-Encoding
X-Powered-By:PHP/5.3.6-13ubuntu3.3
jpiasetz

3 Answers

5

Since this question was asked, a serious security vulnerability (the BEAST attack) was discovered making it possible to compromise an SSL/TLS session if the SSL/TLS session is compressed. To mitigate this, both servers and browsers are beginning to disable compression; you will need to use HTTP compression instead, and that only sparingly if at all, to mitigate yet another vulnerability (the CRIME attack).

Michael Hampton
3

"The connection is not compressed." is related to SSL compression, not gzip. Since your response is gzip-compressed, there's no need to enable compression at the SSL level.

See also: http://www.belshe.com/2010/11/18/ssl-compression-and-you/

rvs
2

SSL compression is disabled intentionally in Nginx. Apparently, to save memory. It may make sense as Chrome is the only browser I know that supports SSL compression.

I use Apache specifically for this feature, as SSL compression saves a lot of bandwidth by compressing the whole 2-way stream, not just the response body. In my application (ERP web client) the compressed SSL stream uses about 30% to 50% less bandwidth than HTTP compression. So, a lot of bandwidth is saved just by asking users to use Chrome.

If you want to switch to Apache, check my question for information about disabling HTTP compression for enhanced performance.