Tag Archives: HTTP Strict Transport SecurityHTTP Strict Transport Security

HSTS RFC Finalized

November 21, 2012 by Bruce Morton     1 Comment

HTTP Strict Transport Security (HSTS) has been finalized and published as RFC 6797. The purpose of HSTS is to allow a website to declare to complying users’ agents that they should interact with it using a secure connection such as HTTPS. In order to implement HSTS, a website must have a statement in its header, such [Read More...]

HSTS Update

July 16, 2012 by Bruce Morton     No Comments

HTTP Strict Transport Security (HSTS) will soon be finalized and available in an IETF standard. The request for comment (RFC) is at version 11 and the IESG has put out a last call for comments. HSTS is a security policy mechanism where a Web server tells a supporting browser that it can only connect to [Read More...]

SSL/TLS Deployment Best Practices

July 3, 2012 by Bruce Morton     No Comments

SSL Labs has created an SSL/TLS Deployment Best Practices guide. The guide contains valuable information on how to deploy SSL in your environment. The data from SSL Pulse shows us there are plenty of SSL implementations that could be executed more securely. These problems are not from the CA, the certificate, the browser or the [Read More...]