IBM HTTP Server interim fix for CVE-2009-3555: TLS/SSL protocol vulnerability
This interim fix resolves the following:
Users of IBM HTTP Server 6.0.2, 6.1, and 7.0 with SSL (SSLEnable directive) configured.
CVE-2009-3555: TLS/SSL protocol vulnerability
Apply this fix if SSL is enabled.
IBM HTTP Server is distributing an updated GSKit security library. This standalone GSKit update has been published to the IBM HTTP Server Fixes download site. No configuration is required once
GSKit is updated to 126.96.36.199
The GSKit downloads are located under the 'GSKit Version 7' section for your platform.
For IBM HTTP Server 6.x releases, download the GSKit 188.8.131.52 package and Readme under the section labeled 'PM00675 - IHS Version 6'
For IBM HTTP Server 7.0 releases, download the GSKit 184.108.40.206 package and Readme
under the section labeled 'PM00675 - IHS Version 7'
The GSKit update will be included in the following releases:
15 June 2018