IBM Support

PM72915: TLS compression should be disabled by default in IHS

Downloadable files


IHS V8R0 and later inadvertently enables TLS Compression by default

Download Description

PM72915 resolves the following problem:

TLS Compression is enabled by default in V8R0 and later, but there is no integration with commonly used compression at the HTTP level.

Users of IBM HTTP Server (IHS) V8R0 and later with SSL enabled on distributed platforms. z/OS is not affected.

TLS Compression was added to GSKit version 8, but there is no
reason to enable this support in IBM HTTP Server which already
has application layer compression support.
The different layers of compression are not aware of each other
and cause unnecessary CPU.

Apply this fix if using SSL with IBM HTTP Server.

To disable TLS compression in IHS levels prior to those including PM72915,
set the following directive everywhere you set the 'SSLEnable' directive:

SSLAttributeSet 445 1

IHS was updated to properly disable TLS Compression by default.
TLS Compression can be re-enabled by setting the 'SSLCompression'
directive to 'ON'.

This fix is targeted for IHS fixpacks:

Note: This interim fix can also be installed using Install Manager (IM) with the
Web-based ("live") repository provided by IBM.



Installation Instructions

Please review the readme.txt for detailed installation instructions.

Download package

Download RELEASE DATE LANGUAGE SIZE(Bytes) Download Options
What is Fix Central(FC)? 26 Sep 2012 US English 6995579 FC 26 Sep 2012 US English 1561566 FC

Technical support

Contact IBM Support using SR (, visit the WebSphere Application Server support web site (, or contact 1-800-IBM-SERV (U.S. only).

Problems (APARS) fixed

Document information

More support for: IBM HTTP Server
Base Server

Software version: 8.0,,,,, 8.5

Operating system(s): AIX, HP-UX, Linux, Solaris, Windows

Software edition: All Editions

Reference #: 4033556

Modified date: 23 October 2013

Translate this page: