diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/Security.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/Security.java
index b362ac41796..f4476b4f78c 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/Security.java
+++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/Security.java
@@ -181,6 +181,7 @@ public class Security {
 settingsBuilder.put(NetworkModule.TRANSPORT_TYPE_KEY, Security.NAME);
 settingsBuilder.put(NetworkModule.TRANSPORT_SERVICE_TYPE_KEY, Security.NAME);
 settingsBuilder.put(NetworkModule.HTTP_TYPE_SETTING.getKey(), Security.NAME);
+ ShieldNettyHttpServerTransport.overrideSettings(settingsBuilder, settings);
 addUserSettings(settingsBuilder);
 addTribeSettings(settingsBuilder);
 return settingsBuilder.build();
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransport.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransport.java
index be4e4346704..3c46a19b16e 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransport.java
+++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransport.java
@@ -28,6 +28,7 @@ import javax.net.ssl.SSLEngine;
 import java.util.Collections;
+import static org.elasticsearch.http.HttpTransportSettings.SETTING_HTTP_COMPRESSION;
 import static org.elasticsearch.shield.Security.setting;
 import static org.elasticsearch.shield.transport.SSLExceptionHelper.isCloseDuringHandshakeException;
 import static org.elasticsearch.shield.transport.SSLExceptionHelper.isNotSslRecordException;
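Review bot: The added call `ShieldNettyHttpServerTransport.overrideSettings(settingsBuilder, settings);` in the Security.java hunk gives no indication at the call site of which setting it touches or why, and the method name is generic. A one-line comment above it would help the next reader, for example `// turn HTTP compression off by default when HTTP SSL is on; an explicit user value is kept`. The enclosing method starts above the hunk, so whether `settings` here is the full node configuration (and therefore sees a user-supplied compression value) cannot be confirmed from these lines.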
@@ -138,4 +139,10 @@ public class ShieldNettyHttpServerTransport extends NettyHttpServerTransport {
 settingsModule.registerSetting(CLIENT_AUTH_SETTING);
 settingsModule.registerSetting(DEPRECATED_SSL_SETTING);
 }
+
+ public static void overrideSettings(Settings.Builder settingsBuilder, Settings settings) {
+ if (SSL_SETTING.get(settings) && SETTING_HTTP_COMPRESSION.exists(settings) == false) {
+ settingsBuilder.put(SETTING_HTTP_COMPRESSION.getKey(), false);
+ }
+ }
 }
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransportTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransportTests.java
index 58f5e9a28d3..c769b49cf52 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransportTests.java
+++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransportTests.java
@@ -9,6 +9,7 @@ import org.elasticsearch.common.network.NetworkService;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.BigArrays;
 import org.elasticsearch.env.Environment;
+import org.elasticsearch.http.HttpTransportSettings;
 import org.elasticsearch.http.netty.NettyHttpMockUtil;
 import org.elasticsearch.shield.ssl.SSLConfiguration.Global;
 import org.elasticsearch.shield.ssl.ServerSSLService;
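Review bot: `overrideSettings` decides on `SSL_SETTING.get(settings)` alone, while the context lines just above it also register `DEPRECATED_SSL_SETTING`. Unless `SSL_SETTING` is declared with the deprecated setting as its fallback (its declaration is outside this hunk), a node that enables HTTP SSL through the old key would keep compression on. The method also lacks Javadoc. It should say that compression is defaulted to off under HTTPS because compressing responses inside TLS can leak secret content through response length (the CRIME/BREACH class of side channel), and that an explicitly configured `SETTING_HTTP_COMPRESSION` value is left untouched. Since an explicit `true` alongside SSL is accepted silently, consider a startup warning for that combination so the operator's choice is visible in the logs.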
@@ -115,4 +116,32 @@ public class ShieldNettyHttpServerTransportTests extends ESTestCase {
 assertThat(customEngine.getEnabledProtocols(), arrayContaining("TLSv1.2"));
 assertThat(customEngine.getEnabledProtocols(), not(equalTo(defaultEngine.getEnabledProtocols())));
 }
+
+ public void testDisablesCompressionByDefaultForSsl() throws Exception {
+ Settings settings = Settings.builder()
+ .put(ShieldNettyHttpServerTransport.SSL_SETTING.getKey(), true).build();
+
+ Settings.Builder pluginSettingsBuilder = Settings.builder();
+ ShieldNettyHttpServerTransport.overrideSettings(pluginSettingsBuilder, settings);
+ assertThat(HttpTransportSettings.SETTING_HTTP_COMPRESSION.get(pluginSettingsBuilder.build()), is(false));
+ }
+
+ public void testLeavesCompressionOnIfNotSsl() throws Exception {
+ Settings settings = Settings.builder()
+ .put(ShieldNettyHttpServerTransport.SSL_SETTING.getKey(), false).build();
+ Settings.Builder pluginSettingsBuilder = Settings.builder();
+ ShieldNettyHttpServerTransport.overrideSettings(pluginSettingsBuilder, settings);
+ assertThat(pluginSettingsBuilder.build().isEmpty(), is(true));
+ }
+
+ public void testDoesNotChangeExplicitlySetCompression() throws Exception {
+ Settings settings = Settings.builder()
+ .put(ShieldNettyHttpServerTransport.SSL_SETTING.getKey(), true)
+ .put(HttpTransportSettings.SETTING_HTTP_COMPRESSION.getKey(), true)
+ .build();
+
+ Settings.Builder pluginSettingsBuilder = Settings.builder();
+ ShieldNettyHttpServerTransport.overrideSettings(pluginSettingsBuilder, settings);
+ assertThat(pluginSettingsBuilder.build().isEmpty(), is(true));
+ }
 }
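Review bot: The three new tests always set `SSL_SETTING` explicitly, so two paths through `overrideSettings` are never exercised: a configuration where the SSL key is absent, and one where SSL is enabled through the deprecated key. For the first, add a case that calls `ShieldNettyHttpServerTransport.overrideSettings(pluginSettingsBuilder, Settings.EMPTY);` and asserts the outcome expected for the SSL default. For the second, add a case that enables SSL via `DEPRECATED_SSL_SETTING.getKey()` and asserts compression is disabled, assuming that constant is accessible from the test. Without it, a regression that leaves compression on for HTTPS nodes using the old key would pass unnoticed. The `throws Exception` clauses on the new tests look unnecessary, since nothing visible in their bodies throws a checked exception.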