You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by "Masaori Koshiba (JIRA)" <ji...@apache.org> on 2015/07/08 08:08:05 UTC

[jira] [Comment Edited] (TS-3216) Add HPKP (Public Key Pinning Extension for HTTP) support

    [ https://issues.apache.org/jira/browse/TS-3216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14618029#comment-14618029 ] 

Masaori Koshiba edited comment on TS-3216 at 7/8/15 6:07 AM:
-------------------------------------------------------------

Hi [~jpeach@apache.org],

I attached a new patch. Add below configs in {{records.config}} and those configs are overridable from {{ssl_multicert.config}}. 

- {{records.config}}
{noformat}
proxy.config.ssl.hpkp.enabled
proxy.config.ssl.hpkp.backup_csr.filename
proxy.config.ssl.hpkp.report_only
proxy.config.ssl.hpkp.report_uri
proxy.config.ssl.hpkp.max_age
proxy.config.ssl.hpkp.include_subdomains
{noformat}

- {{ssl_multicert.config}}
{noformat}
hpkp_enabled
hpkp_backup_csr_filename
hpkp_report_only
hpkp_report_uri
hpkp_max_age
hpkp_include_subdomains
{nofotmat}

This patch also have {{Public-Key-Pins-Report-Only}} and {{report-uri}} support.


was (Author: masaori):
Hi [~jpeach@apache.org],

I attached a new patch. Add below configs in {{records.config}} and those configs are overridable from {{ssl_multicert.config}}. 

{noformat}
proxy.config.ssl.hpkp.enabled
proxy.config.ssl.hpkp.backup_csr.filename
proxy.config.ssl.hpkp.report_only
proxy.config.ssl.hpkp.report_uri
proxy.config.ssl.hpkp.max_age
proxy.config.ssl.hpkp.include_subdomains
{noformat}

This patch also have {{Public-Key-Pins-Report-Only}} and {{report-uri}} support.

> Add HPKP (Public Key Pinning Extension for HTTP) support
> --------------------------------------------------------
>
>                 Key: TS-3216
>                 URL: https://issues.apache.org/jira/browse/TS-3216
>             Project: Traffic Server
>          Issue Type: New Feature
>          Components: SSL
>            Reporter: Masaori Koshiba
>              Labels: review
>             Fix For: 6.1.0
>
>         Attachments: hpkp-001.patch, hpkp-002.patch, hpkp-003.patch
>
>
> Add "Public Key Pinning Extension for HTTP" Support in Traffic Server.
> RFC 7469 Public Key Pinning Extension for HTTP
> - https://tools.ietf.org/html/rfc7469



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)