Bug 54918 - Implement RFC 6797 HTTP Strict Transport Security (HSTS)
Summary: Implement RFC 6797 HTTP Strict Transport Security (HSTS)
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ssl (show other bugs)
Version: 2.5-HEAD
Hardware: All All
: P2 enhancement with 3 votes (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-05-02 03:32 UTC by Takashi Sato
Modified: 2014-11-12 12:57 UTC (History)
0 users


Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Takashi Sato 2013-05-02 03:32:51 UTC 
Of course, admins can enable HSTS with mod_headers, for example:
Header set Strict-Transport-Security "max-age=86400; includeSubDomains"
but admins have to know the specification detail.

Implementing it makes it easy to HSTS-ize.
Comment 1 Matafagafo 2014-11-12 12:37:09 UTC 
If I not wrong, this is the only way to have HSTS enabled in APR, I'm correct ?
If it's true, this become much more important, correct ?
Comment 2 Jeff Trawick 2014-11-12 12:43:37 UTC 
>have HSTS enabled in APR

What is "APR" here?  (This issue is not applicable to Apache Portable Runtime -- libapr)
Comment 3 Matafagafo 2014-11-12 12:57:19 UTC 
(In reply to Jeff Trawick from comment #2)
> >have HSTS enabled in APR
> 
> What is "APR" here?  (This issue is not applicable to Apache Portable
> Runtime -- libapr)

You're right, with APR I mean Apache Portable Runtime, so, I'm sorry for the bug spam.
And thanks for your response.