IBM HTTP Server interim fix for CVE-2009-3555: TLS/SSL protocol vulnerability
This interim fix resolves the following:
Users of IBM HTTP Server 6.0.2, 6.1, and 7.0 with SSL (SSLEnable directive) configured.
CVE-2009-3555: TLS/SSL protocol vulnerability
Apply this fix if SSL is enabled.
IBM HTTP Server is distributing an updated GSKit security library. This standalone GSKit update has been published to the IBM HTTP Server Fixes download site. No configuration is required once
GSKit is updated to 220.127.116.11
The GSKit downloads are located under the 'GSKit Version 7' section for your platform.
For IBM HTTP Server 6.x releases, download the GSKit 18.104.22.168 package and Readme under the section labeled 'PM00675 - IHS Version 6'
For IBM HTTP Server 7.0 releases, download the GSKit 22.214.171.124 package and Readme
under the section labeled 'PM00675 - IHS Version 7'
The GSKit update will be included in the following releases:
15 June 2018