I would like to disable SPDY on my self-hosted Discourse instance in order to mitigate against the TLS CRIME vulnerability. My understanding based on this post is that SPDY 3.1 is vulnerable to CRIME (at least with header compression enabled).
So, I’d like to know how to disable SPDY and also how to disable SPDY header compression. I’d also be interested if anyone has done an analysis of whether up-to-date Docker install of Discourse is vulnerable to CRIME (since I know it’s a complex topic and I might be misinterpreting things). Thanks!