[ https://issues.apache.org/jira/browse/TS-1668?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James Peach updated TS-1668: ---------------------------- Component/s: SSL Security > Traffic Server does currently not implement HSTS > ------------------------------------------------ > > Key: TS-1668 > URL: https://issues.apache.org/jira/browse/TS-1668 > Project: Traffic Server > Issue Type: Bug > Components: Security, SSL > Reporter: Igor Galić > > Apache Traffic Server can be used as Reverse Proxy as well as for {{TLS}} > ({{SSL}}) Termination for a huge number of sites. > As such is the ideal point to implement [HTTP Strict Transport > security|http://tools.ietf.org/html/rfc6797]. > I propose enable administrators to globally ({{records.config}}) configure > HSTS for all sites that offer both, HTTP and HTTPS. (This switch, if > backported, should default to off for stable releases.) > We should further also make it possible to disable this setting per-site > ({{ssl_multicert.config}}). -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira