httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eddie B" <ed...@mattermedia.com>
Subject [users@httpd] How is this possible? Apache sends HSTS on a non valid cert but user can proceed, on compatible browser
Date Mon, 06 Oct 2014 21:36:32 GMT
I have an https server that sets the HSTS header, but up to date Chrome (and
other HSTS compatible browsers, such as Firefox 32) still let the user
proceed to HTTPS. Isn't the specific reason HSTS exists to prevent users
from proceeding?

 

Here's the server: http://pastebin.com/JFJw1m40

 

How is this possible?


Mime
View raw message