disabling http compression is considered good practice and certain TLS-testing
scripts/sites lower the security rating if it's enabled.
compression is still on by default for the potential speed/performance gain.
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
$shcmd .= 'echo \"CIPHERS:\$CIPHERS\";';
$shcmd .= 'echo \"DHPARAMS:\$DHPARAMS\";';
$shcmd .= 'echo \"HONOR_CIPHER_ORDER:\$HONOR_CIPHER_ORDER\";';
+ $shcmd .= 'echo \"COMPRESSION:\$COMPRESSION\";';
my $data = -f $conffile ? `bash -c "$shcmd"` : '';
$res->{$key} = $value;
} elsif ($key eq 'DHPARAMS') {
$res->{$key} = $value;
- } elsif ($key eq 'HONOR_CIPHER_ORDER') {
+ } elsif ($key eq 'HONOR_CIPHER_ORDER' || $key eq 'COMPRESSION') {
die "unknown value '$value' - use 0 or 1\n" if $value !~ m/^(0|1)$/;
$res->{$key} = $value;
} else {
cert_file => '/etc/pve/local/pve-ssl.pem',
honor_cipher_order => $proxyconf->{HONOR_CIPHER_ORDER},
},
+ compression => $proxyconf->{COMPRESSION},
# Note: there is no authentication for those pages and dirs!
pages => {
'/' => sub { get_index($self->{nodename}, @_) },