We’ve updated Nginx to version 1.13.5. With this update we’ve included the option to use the brotli compression algorithm (it’s still disabled for everyone though). We are looking for volunteers to test the brotli compression, if you are interested please send us an e-mail to support@byte.nl. Brotli is a new compression algorithm from Google which is specifically designed for html/css/javascript content. It compresses these types of content better and faster compared previous algorithms and is support by all modern browers.
Additionally we’ve improved the OCSP cache warming for the let’s encrypt certificates. Right after reloading or restarting NGINX, Firefox users could get an error message because the OCSP response from the CA was not (yet) included in the webservers response. The OCSP response indicates to the browser that the certificate served by the webserver is still considered valid by the CA and has not been revoked. Providing the OCSP response is more secure, faster and more efficient since the browser does not have to ask the CA to validate the certificate. We now warm the OCSP cache directly after reloading or restarting Nginx to work around this issue.