Dzahn has uploaded a new change for review.
https://gerrit.wikimedia.org/r/148285
Change subject: bugzilla - raise max-age for STS to 1 year
......................................................................
bugzilla - raise max-age for STS to 1 year
after we delibarately started with just 7 days
to be careful, now raise it to a year.
this will then also fix the TOO SHORT warning
reported by Qualys SSL Server Test
Strict Transport Security (HSTS)
Yes max-age=604800 TOO SHORT (less than 180 days)
1 year is also used in examples on OWASP and en.wp
Change-Id: Idbdccbcce87b87774d199576f62dd1f8000e7491
---
M modules/bugzilla/templates/apache/bugzilla.wikimedia.org.erb
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/85/148285/1
diff --git a/modules/bugzilla/templates/apache/bugzilla.wikimedia.org.erb
b/modules/bugzilla/templates/apache/bugzilla.wikimedia.org.erb
index 9f1465a..11107c7 100644
--- a/modules/bugzilla/templates/apache/bugzilla.wikimedia.org.erb
+++ b/modules/bugzilla/templates/apache/bugzilla.wikimedia.org.erb
@@ -73,7 +73,7 @@
SSLCertificateKeyFile /etc/ssl/private/<%= @svc_name %>.key
SSLCACertificatePath /etc/ssl/certs/
- Header set Strict-Transport-Security "max-age=604800"
+ Header set Strict-Transport-Security "max-age=31536000"
<Directory />
Options FollowSymLinks
--
To view, visit https://gerrit.wikimedia.org/r/148285
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Idbdccbcce87b87774d199576f62dd1f8000e7491
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
