IHS V8R0 and later inadvertently enables TLS Compression by default
PM72915 resolves the following problem:
TLS Compression is enabled by default in V8R0 and later, but there is no integration with commonly used compression at the HTTP level.
Users of IBM HTTP Server (IHS) V8R0 and later with SSL enabled on distributed platforms. z/OS is not affected.
TLS Compression was added to GSKit version 8, but there is no
reason to enable this support in IBM HTTP Server which already
has application layer compression support.
The different layers of compression are not aware of each other
and cause unnecessary CPU.
Apply this fix if using SSL with IBM HTTP Server.
To disable TLS compression in IHS levels prior to those including PM72915,
set the following directive everywhere you set the 'SSLEnable' directive:
SSLAttributeSet 445 1
IHS was updated to properly disable TLS Compression by default.
TLS Compression can be re-enabled by setting the 'SSLCompression'
directive to 'ON'.
This fix is targeted for IHS fixpacks:
Note: This interim fix can also be installed using Install Manager (IM) with the
Web-based ("live") repository provided by IBM.
Please review the readme.txt for detailed installation instructions.
|Download||RELEASE DATE||LANGUAGE||SIZE(Bytes)||Download Options
What is Fix Central(FC)?
|18.104.22.168-WS-WASIHS-MultiOS-IFPM72915||26 Sep 2012||US English||6995579||FC|
|22.214.171.124-WS-WASIHS-MultiOS-IFPM72915||26 Sep 2012||US English||1561566||FC|
Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).
Problems (APARS) fixed