author | April King <april@mozilla.com> | 2015-09-23 14:25:54 +0100 |
---|---|---|
committer | April King <april@mozilla.com> | 2015-09-23 14:25:54 +0100 |
commit | a2f4e311bca93b5e95349ca4b49811f8e65a3c19 (patch) | |
tree | 8fe1c84bf8d0346b605b584cb0505e83854e07cd | |
parent | 51012ff0cfcf338569dba0214db1b6657f5f5250 (diff) | |
15724800 -> 15768000, to bring in line with generator (182 versus 182.5 days)
-rw-r--r-- | Server_Side_TLS.mediawiki | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/Server_Side_TLS.mediawiki b/Server_Side_TLS.mediawiki index 3972309..43287e3 100644 --- a/Server_Side_TLS.mediawiki +++ b/Server_Side_TLS.mediawiki @@ -38,7 +38,7 @@ For services that don't need backward compatibility, the parameters below provid * DH Parameter size: '''2048''' * Elliptic curves: '''secp256r1, secp384r1, secp521r1''' (at a minimum) * Certificate signature: '''SHA-256''' -* HSTS: '''max-age=15724800''' +* HSTS: '''max-age=15768000''' == <span style="color:orange;">'''Intermediate'''</span> compatibility (default) == For services that don't need compatibility with legacy clients (mostly WinXP), but still need to support a wide range of clients, this configuration is recommended. It is is compatible with Firefox 1, Chrome 1, IE 7, Opera 5 and Safari 1. @@ -266,9 +266,9 @@ The current recommendation for web servers is to enable session resumption and b [https://tools.ietf.org/html/rfc6797 HSTS] is a HTTP header sent by a server to a client, indicating that the current site must only be accessed over HTTPS until expiration of the HSTS value is reached. -The header format is very simple, composed only of a '''max-age''' parameter that indicates when the directive should expire. max-age is expressed in seconds. A typical value is 15724800 seconds, or 6 months. +The header format is very simple, composed only of a '''max-age''' parameter that indicates when the directive should expire. max-age is expressed in seconds. A typical value is 15768000 seconds, or 6 months. <pre> -Strict-Transport-Security: max-age=15724800 +Strict-Transport-Security: max-age=15768000 </pre> HSTS is becoming more and more of a standard, but should only be used when the site's operators are confident that HTTPS will be available continuously for the duration of max-age. Once the HSTS header is sent to client, HTTPS cannot be disabled on the site until the last client has expired its HSTS record. |
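Review bot: In the first hunk (@@ -38,7 +38,7), the new "* HSTS: '''max-age=15768000'''" line is one of three places in this file where the value appears as a bare number (the other two are in the @@ -266 hunk), which makes it easy for the wiki and the generator to drift apart again. Consider recording the derivation next to it (182.5 days x 86400 s = 15768000), and confirm that no other occurrence of 15724800 remains in parts of the file this patch does not show, for example the Intermediate section whose heading appears in the trailing context. The trailing context line "It is is compatible with Firefox 1" also has a doubled word that could be fixed in the same pass.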
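Review bot: In the second hunk (@@ -266,9 +266,9), the changed sentence still glosses the value as "or 6 months", which described the old number just as well and hides the 182 versus 182.5 day distinction the commit message gives as the reason for the change. Suggest wording it as "A typical value is 15768000 seconds (182.5 days, half of a 365-day year)" so the prose, the <pre> example and the generator can be checked against each other. The same sentence says the header is "composed only of a max-age parameter"; RFC 6797, linked in the context line above it, also defines an optional includeSubDomains directive, so "only" could be softened while the line is being touched.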