View Issue Details

IDProjectCategoryView StatusLast Update
0012652administrationsecuritypublic2019-01-24 19:16
Reporterrsc 
PrioritynormalSeverityminorReproducibilityN/A
Status resolvedResolutionfixed 
Product Version 
Target VersionFixed in Version 
Summary0012652: No HTTP Strict Transport Security (HSTS) or centos.org
DescriptionAs of writing, there is no HTTP Strict Transport Security (HSTS) for centos.org. Explanations at: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security - HSTS with long duration would be my personal expectation.
Tagsca-certificates

Activities

rsc

rsc

2017-01-14 11:16

reporter   ~0028357

Btw, HSTS with long duration should improve the SSL test result by Qualys SSL Labs from A to A+, I think.
arrfab

arrfab

2018-05-07 10:40

administrator   ~0031725

bugs triage, and hsts was enabled for www.centos.org (not for all subdomains though)

Issue History

Date Modified Username Field Change
2017-01-14 11:15 rsc New Issue
2017-01-14 11:16 rsc Note Added: 0028357
2018-05-07 10:40 arrfab Status new => resolved
2018-05-07 10:40 arrfab Resolution open => fixed
2018-05-07 10:40 arrfab Note Added: 0031725
2019-01-24 18:08 radhefa7 Tag Attached: ca-certificates