PM72915: TLS compression should be disabled by default in IHS

Downloadable files


Abstract

IHS V8R0 and later inadvertently enables TLS Compression by default

Download Description

PM72915 resolves the following problem:

ERROR DESCRIPTION:
TLS Compression is enabled by default in V8R0 and later, but there is no integration with commonly used compression at the HTTP level.

USERS AFFECTED:
Users of IBM HTTP Server (IHS) V8R0 and later with SSL enabled on distributed platforms. z/OS is not affected.

PROBLEM DESCRIPTION:
TLS Compression was added to GSKit version 8, but there is no
reason to enable this support in IBM HTTP Server which already
has application layer compression support.
The different layers of compression are not aware of each other
and cause unnecessary CPU.


RECOMMENDATION:
Apply this fix if using SSL with IBM HTTP Server.

CIRCUMVENTION:
To disable TLS compression in IHS levels prior to those including PM72915,
set the following directive everywhere you set the 'SSLEnable' directive:

SSLAttributeSet 445 1

PROBLEM CONCLUSION:
IHS was updated to properly disable TLS Compression by default.
TLS Compression can be re-enabled by setting the 'SSLCompression'
directive to 'ON'.

This fix is targeted for IHS fixpacks:
- 8.0.0.5
- 8.5.0.1


Note: This interim fix can also be installed using Install Manager (IM) with the
Web-based ("live") repository provided by IBM.

Prerequisites

None

Installation Instructions

Please review the readme.txt for detailed installation instructions.

Download package

Download RELEASE DATE LANGUAGE SIZE(Bytes) Download Options
What is Fix Central (FC)?
8.0.0.0-WS-WASIHS-MultiOS-IFPM72915 26 Sep 2012 US English 6995579 FC
8.5.0.0-WS-WASIHS-MultiOS-IFPM72915 26 Sep 2012 US English 1561566 FC

Technical support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

Problems (APARS) fixed
PM72915

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

IBM HTTP Server
Base Server

Software version:

8.0, 8.0.0.1, 8.0.0.2, 8.0.0.3, 8.0.0.4, 8.5

Operating system(s):

AIX, HP-UX, Linux, Solaris, Windows

Software edition:

All Editions

Reference #:

4033556

Modified date:

2013-10-23

Translate my page

Machine Translation

Content navigation