[ https://issues.apache.org/jira/browse/TS-4502?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15314982#comment-15314982 ]

Leif Hedstrom commented on TS-4502:
-----------------------------------

Also:

Recommended: If the site owner would like their domain to be included in the 
HSTS preload list maintained by Chrome (and used by Firefox and Safari), then 
use:

 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

> HSTS should clip to the certificate expiry
> ------------------------------------------
>
>                 Key: TS-4502
>                 URL: https://issues.apache.org/jira/browse/TS-4502
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: SSL
>            Reporter: James Peach
>             Fix For: sometime
>
>
> When using {{proxy.config.ssl.hsts_max_age}} to send a strict transport 
> security header, we should examine the expiry of the certificate we are 
> serving the request with, and clip the max HSTS age to the expiry of the 
> certificate. This would prevent browsers puking on HSTS when certificates 
> expire legitimately.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
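
A sketch of the clipping proposed in the issue, added here as an example; it is not Traffic Server code. The function names are hypothetical, the certificate's notAfter is assumed to be already available as a Unix timestamp, and treating a negative setting as "disabled" and dropping `preload` when the clipped age falls below the 31536000 seconds from the comment above are design choices of this example.

```cpp
#include <cstdint>
#include <ctime>
#include <iostream>
#include <string>

// Clip a configured HSTS max-age (seconds) to the remaining lifetime of the
// certificate serving the request. Returns -1 when no header should be sent:
// HSTS disabled (negative setting, an assumption of this example) or the
// certificate is already expired.
int64_t clip_hsts_max_age(int64_t configured, std::time_t not_after, std::time_t now)
{
  if (configured < 0) {
    return -1;
  }
  const int64_t remaining = static_cast<int64_t>(not_after) - static_cast<int64_t>(now);
  if (remaining <= 0) {
    return -1; // expired certificate: do not extend the pin at all
  }
  return configured < remaining ? configured : remaining;
}

// Build the Strict-Transport-Security value from the clipped age.
// An empty string means "send no header".
std::string hsts_header_value(int64_t configured, bool include_subdomains, bool preload,
                              std::time_t not_after, std::time_t now)
{
  const int64_t preload_age = 31536000; // value from the recommended header above
  const int64_t age = clip_hsts_max_age(configured, not_after, now);
  if (age < 0) {
    return "";
  }
  std::string value = "max-age=" + std::to_string(age);
  if (include_subdomains) {
    value += "; includeSubDomains";
  }
  // Clipping can push the age under the recommended value; then omit preload.
  if (preload && age >= preload_age) {
    value += "; preload";
  }
  return value;
}

int main()
{
  const std::time_t now = 1000000;                  // constructed timestamps
  const std::time_t not_after = now + 90 * 86400;   // certificate with 90 days left
  std::cout << hsts_header_value(31536000, true, true, not_after, now) << "\n";
  return 0;
}
```

With a certificate that has 90 days left, the one-year setting is clipped to 7776000 seconds and `preload` is omitted, which shows how the proposed clipping interacts with the preload recommendation in the comment.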
