HTTP Strict Transport Security becomes Internet Standard
|
|
The Internet Engineering Task Force (IETF) has published RFC 6797, formally declaring the HTTP Strict Transport Security (HSTS) security mechanism for HTTPS as an Internet Standard. HSTS is designed to allow (HTTP) servers to ensure that any services offered can only be accessed via secure connections that are encrypted using mechanisms such as Transport Layer Security (TLS). From a client perspective, HSTS forces applications (User Agents) to only use encrypted connections when communicating with web sites. Sites such as the Open Web Application Security Project's describe how to implement the use of HSTS in web servers such as Apache, Nginx and Lighttpd.
|
|
Full Story |
This topic does not have any threads posted yet!
You cannot post until you login.
