James Peach created TS-4502:
-------------------------------
Summary: HSTS should clip to the certificate expiry
Key: TS-4502
URL: https://issues.apache.org/jira/browse/TS-4502
Project: Traffic Server
Issue Type: Improvement
Components: SSL
Reporter: James Peach
When using {{proxy.config.ssl.hsts_max_age}} to send a strict transport
security header, we should examine the expiry of the certificate we are servige
the request with, and clip the max HSTS age to the expiry of the certificate.
This would prevent browsers puking on HSTS when certificates expire
legitimately.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
