HTTPS Pinning
Peter Booth
peter_booth at me.com
Fri Jun 7 14:22:32 UTC 2019
Andreas,
Do you know of any large, high traffic sites that are using HSTS today?
Peter
> On Jun 5, 2019, at 12:56 PM, A. Schulze <sca at andreasschulze.de> wrote:
>
>
>
> Am 05.06.19 um 14:54 schrieb Sathish Kumar:
>> Hi Team,
>>
>> We would like to fix the HTTPS pinning vulnerability on our Nginx and Mobile application Android/iOS. If I enable on Nginx, do we need to add the pinning keys on our application and have to rotate the pinning keys everytime when the SSL cert is renewed.
>>
>> Please advise.
>
> HPKP is more or less deprecated. I suggest to no use it anymore.
> Use HSTS, try to understand the implication of "includeSubDomains" and https://hstspreload.org/
>
> Andreas
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
More information about the nginx
mailing list