templates/web.ssl.template.yml: Disable spdy header compression
author rata <rata@users.noreply.github.com>
Tue, 21 Apr 2015 00:43:45 +0000 (21:43 -0300)
committer rata <rata@users.noreply.github.com>
Tue, 21 Apr 2015 00:43:45 +0000 (21:43 -0300)
As explained here:

https://github.com/18F/tls-standards/issues/24

We shouldn't use spdy header compression with spdy 1.3 (the one packaged with nginx). So, just disable it.

templates/web.ssl.template.yml

index aa4d3ef1809a6f7312136fe620a3b42f9b8dcf2f..e0a5b5a6f840774a39d464a50582208edef8cc20 100644 (file)
@@ -25,8 +25,8 @@ run:
 
        ssl_session_tickets off;
 
-       # enable SPDY header compression
-       spdy_headers_comp 6;
+       # disable SPDY header compression (flawed in spdy < 4)
+       spdy_headers_comp 0;
 
        # remember the certificate for a year and automatically connect to HTTPS for this domain
        add_header Strict-Transport-Security 'max-age=31536000';
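
Review bot: the new comment above `spdy_headers_comp 0;` says only "flawed in spdy < 4", which does not tell a later reader what the flaw is or where it is documented, and it names a different version than the commit message does ("spdy 1.3"). Suggest carrying the reference from the commit message (https://github.com/18F/tls-standards/issues/24) into the comment and aligning the version wording, so that anyone editing this template knows why the level must stay at 0 and does not restore the previous value of 6.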