PM72915: TLS compression should be disabled by default in IHS

Download

Abstract

IHS V8R0 and later inadvertently enables TLS Compression by default

Download Description

PM72915 resolves the following problem:

ERROR DESCRIPTION:
TLS Compression is enabled by default in V8R0 and later, but there is no integration with commonly used compression at the HTTP level.

USERS AFFECTED:
Users of IBM HTTP Server (IHS) V8R0 and later with SSL enabled on distributed platforms. z/OS is not affected.

PROBLEM DESCRIPTION:
TLS Compression was added to GSKit version 8, but there is no
reason to enable this support in IBM HTTP Server which already
has application layer compression support.
The different layers of compression are not aware of each other
and cause unnecessary CPU.

RECOMMENDATION:
Apply this fix if using SSL with IBM HTTP Server.

CIRCUMVENTION:
To disable TLS compression in IHS levels prior to those including PM72915,
set the following directive everywhere you set the 'SSLEnable' directive:

SSLAttributeSet 445 1

PROBLEM CONCLUSION:
IHS was updated to properly disable TLS Compression by default.
TLS Compression can be re-enabled by setting the 'SSLCompression'
directive to 'ON'.

This fix is targeted for IHS fixpacks:
- 8.0.0.5
- 8.5.0.1

Note: This interim fix can also be installed using Install Manager (IM) with the
Web-based ("live") repository provided by IBM.

Prerequisites

None

Installation Instructions

Please review the readme.txt for detailed installation instructions.

          [{"DNLabel":"8.0.0.0-WS-WASIHS-MultiOS-IFPM72915","DNDate":"26 Sep 2012","DNLang":"US English","DNSize":"6995579","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=8.0.0.0-WS-WASIHS-MultiOS-IFPM72915&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.0.0-WS-WASIHS-MultiOS-IFPM72915","DNDate":"26 Sep 2012","DNLang":"US English","DNSize":"1561566","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=8.5.0.0-WS-WASIHS-MultiOS-IFPM72915&product=ibm%2FWebSphere%2FWebSphere%20Application%20Server&source=dbluesearch","DNURL_FTP":" ","DDURL":null}]
          

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

[{"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Base Server","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"8.5;8.0.0.4;8.0.0.3;8.0.0.2;8.0.0.1;8.0","Edition":"All Editions","Line of Business":{"code":"LOB45","label":"Automation"}}]

Problems (APARS) fixed
PM72915

Was this topic helpful?

Document Information

Modified date:
07 September 2022

UID

swg24033556

Tips