You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2013/05/02 05:32:51 UTC

[Bug 54918] New: Implement RFC 6797 HTTP Strict Transport Security (HSTS)

https://issues.apache.org/bugzilla/show_bug.cgi?id=54918

            Bug ID: 54918
           Summary: Implement RFC 6797 HTTP Strict Transport Security
                    (HSTS)
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: mod_ssl
          Assignee: bugs@httpd.apache.org
          Reporter: takashi@lans-tv.com
    Classification: Unclassified

Of course, admins can enable HSTS with mod_headers, for example:
Header set Strict-Transport-Security "max-age=86400; includeSubDomains"
but admins have to know the specification detail.

Implementing it makes it easy to HSTS-ize.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 54918] Implement RFC 6797 HTTP Strict Transport Security (HSTS)

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=54918

--- Comment #3 from Matafagafo <ma...@yahoo.com> ---
(In reply to Jeff Trawick from comment #2)
> >have HSTS enabled in APR
> 
> What is "APR" here?  (This issue is not applicable to Apache Portable
> Runtime -- libapr)

You're right, with APR I mean Apache Portable Runtime, so, I'm sorry for the
bug spam.
And thanks for your response.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 54918] Implement RFC 6797 HTTP Strict Transport Security (HSTS)

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=54918

--- Comment #1 from Matafagafo <ma...@yahoo.com> ---
If I not wrong, this is the only way to have HSTS enabled in APR, I'm correct ?
If it's true, this become much more important, correct ?

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 54918] Implement RFC 6797 HTTP Strict Transport Security (HSTS)

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=54918

--- Comment #2 from Jeff Trawick <tr...@apache.org> ---
>have HSTS enabled in APR

What is "APR" here?  (This issue is not applicable to Apache Portable Runtime
-- libapr)

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org