You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by "James Peach (JIRA)" <ji...@apache.org> on 2016/06/02 17:09:59 UTC

[jira] [Created] (TS-4502) HSTS should clip to the certificate expiry

James Peach created TS-4502:
-------------------------------

             Summary: HSTS should clip to the certificate expiry
                 Key: TS-4502
                 URL: https://issues.apache.org/jira/browse/TS-4502
             Project: Traffic Server
          Issue Type: Improvement
          Components: SSL
            Reporter: James Peach


When using {{proxy.config.ssl.hsts_max_age}} to send a strict transport security header, we should examine the expiry of the certificate we are servige the request with, and clip the max HSTS age to the expiry of the certificate. This would prevent browsers puking on HSTS when certificates expire legitimately.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)