HTTPS Pinning
A. Schulze
sca at andreasschulze.de
Wed Jun 5 16:56:14 UTC 2019
Am 05.06.19 um 14:54 schrieb Sathish Kumar:
> Hi Team,
>
> We would like to fix the HTTPS pinning vulnerability on our Nginx and Mobile application Android/iOS. If I enable on Nginx, do we need to add the pinning keys on our application and have to rotate the pinning keys everytime when the SSL cert is renewed.
>
> Please advise.
HPKP is more or less deprecated. I suggest to no use it anymore.
Use HSTS, try to understand the implication of "includeSubDomains" and https://hstspreload.org/
Andreas
More information about the nginx
mailing list