The default nginx config provides http compression
gzip on should be turned off.
Tested with: https://github.com/drwetter/testssl.sh
Yep, it should indeed be off (default config has it commented out).
This is fixed in 1.9.10-r1. We'll move this to the stable tree once 1.10 is released.
This issue was resolved and addressed in
GLSA 201606-06 at https://security.gentoo.org/glsa/201606-06
by GLSA coordinator Kristian Fiskerstrand (K_F).