Summary
.bz2 files served from downloads.python.org incorrectly set Content-Encoding: bzip2 in response headers. bzip2 is not a valid HTTP content-encoding value, causing SSL-inspecting proxies to drop the connection with an empty HTTP response.
Current behavior
HTTP/2 200
content-type: application/x-tar
content-encoding: bzip2
The file is not transfer-encoded — it's a .tar.bz2 archive. Setting Content-Encoding: bzip2 tells intermediaries the payload uses bzip2 at the transport layer, which they don't support and may reject per RFC 9110.
Expected behavior
Serve with Content-Type: application/x-bzip2 (or application/x-tar) and no Content-Encoding header. This matches how Apache serves .bz2 files (e.g., downloads.apache.org).
Impact
Users behind SSL-inspecting proxies (corporate/government networks) cannot download .bz2 files from downloads.python.org. Reported via webmaster@ on 2026-04-09.
Likely fix
Update the nginx configuration on the downloads CDN to stop setting Content-Encoding: bzip2 for .bz2 files.
Summary
.bz2files served fromdownloads.python.orgincorrectly setContent-Encoding: bzip2in response headers.bzip2is not a valid HTTP content-encoding value, causing SSL-inspecting proxies to drop the connection with an empty HTTP response.Current behavior
The file is not transfer-encoded — it's a
.tar.bz2archive. SettingContent-Encoding: bzip2tells intermediaries the payload uses bzip2 at the transport layer, which they don't support and may reject per RFC 9110.Expected behavior
Serve with
Content-Type: application/x-bzip2(orapplication/x-tar) and noContent-Encodingheader. This matches how Apache serves.bz2files (e.g.,downloads.apache.org).Impact
Users behind SSL-inspecting proxies (corporate/government networks) cannot download
.bz2files fromdownloads.python.org. Reported via webmaster@ on 2026-04-09.Likely fix
Update the nginx configuration on the downloads CDN to stop setting
Content-Encoding: bzip2for.bz2files.