Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Improve HSTS header

Browse source 
- always set the header to make it hopefully appear on redirect as well
  (https://fedorahosted.org/fedora-infrastructure/ticket/2888#comment:11)
- set preload, to make it more likely that subdomains can be
  added to preload list
This commit is contained in:
Till Maas 2015-02-04 11:44:35 +01:00
parent 49e1e87d10
commit e67081afe1
3 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
roles/copr/frontend/files/httpd/coprs_ssl.conf
View file

@ -4,7 +4,7 @@
# Use secure TLSv1.1 and TLSv1.2 ciphers
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
Header add Strict-Transport-Security "max-age=15768000"
Header always add Strict-Transport-Security "max-age=15768000; preload"
SSLCertificateFile /etc/pki/tls/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key