HTTPS Pinning

A. Schulze sca at
Wed Jun 5 16:56:14 UTC 2019

Am 05.06.19 um 14:54 schrieb Sathish Kumar:
> Hi Team,
> We would like to fix the HTTPS pinning vulnerability on our Nginx and Mobile application Android/iOS. If I enable on Nginx, do we need to add the pinning keys on our application and have to rotate the pinning keys everytime when the SSL cert is renewed.
> Please advise.

HPKP is more or less deprecated. I suggest to no use it anymore.
Use HSTS, try to understand the implication of "includeSubDomains" and


More information about the nginx mailing list