You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "James Peach (JIRA)" <ji...@apache.org> on 2016/06/02 17:09:59 UTC
[jira] [Created] (TS-4502) HSTS should clip to the certificate
expiry
James Peach created TS-4502:
-------------------------------
Summary: HSTS should clip to the certificate expiry
Key: TS-4502
URL: https://issues.apache.org/jira/browse/TS-4502
Project: Traffic Server
Issue Type: Improvement
Components: SSL
Reporter: James Peach
When using {{proxy.config.ssl.hsts_max_age}} to send a strict transport security header, we should examine the expiry of the certificate we are servige the request with, and clip the max HSTS age to the expiry of the certificate. This would prevent browsers puking on HSTS when certificates expire legitimately.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)