Re: HSTS missing from HTTPS server on tomcat 8.0.27

2016-02-09 Thread Olaf Kock
On 09.02.2016 at 15:10, Christopher Schultz wrote: > On 2/9/16 6:28 AM, dku...@ccilindia.co.in wrote: > > > and then VA test results show that HSTS is not configured. > > It looks like "VA test" has a broken client: it's not issuing a valid > HTTP request. Just to make sure it's not the most o

Re: HSTS missing from HTTPS server on tomcat 8.0.27

2016-02-09 Thread Christopher Schultz
Deepak, On 2/9/16 6:28 AM, dku...@ccilindia.co.in wrote: > Dear Harrie, > > We have already implemented the said configuration of filter. > > Still we are unable to implement HSTS. This configuration works > absolutely fine on tomcat running

RE: HSTS missing from HTTPS server on tomcat 8.0.27

2016-02-09 Thread dkumar
is greatly appreciated. From: "Harrie Robins" To: "'Tomcat Users List'" Date: 08-02-2016 20:51 Subject: RE: HSTS missing from HTTPS server on tomcat 8.0.27 Hello! Missing HSTS is not a vulnerability, as Mark pointed out, it is a feature. In you

RE: HSTS missing from HTTPS server on tomcat 8.0.27

2016-02-08 Thread Harrie Robins
Regards, Harrie -Original Message- From: dku...@ccilindia.co.in [mailto:dku...@ccilindia.co.in] Sent: Monday, 8 February 2016 15:50 To: 'Tomcat Users List' Subject: HSTS missing from HTTPS server on tomcat 8.0.27 Hi, We are unable to fix the vulnerability of "HSTS mis

Re: HSTS missing from HTTPS server on tomcat 8.0.27

2016-02-08 Thread Mark Thomas
On 08/02/2016 14:49, dku...@ccilindia.co.in wrote: > Hi, > > We are unable to fix the vulnerability of "HSTS missing from HTTPS server" That is not a security vulnerability. It is a configuration choice. > on apache tomcat 8.0.27 while running on unix operating system. Below is > the system

HSTS missing from HTTPS server on tomcat 8.0.27

2016-02-08 Thread dkumar
Hi, We are unable to fix the vulnerability of "HSTS missing from HTTPS server" on apache tomcat 8.0.27 while running on unix operating system. Below is the system configuration: OS Name: HP-UX OS Version:B.11.31 Architecture: IA64N Java Home:/

Unable to fix the vulnerability of " HSTS missing from HTTPS server" on tomcat 8.0.27 running on unix .

2016-02-05 Thread dkumar
Hi, We are unable to fix the vulnerability of "HSTS missing from HTTPS server" on apache tomcat 8.0.27 running on unix. We found the solution for the same by enabling httpHeaderSecurity filter in conf\web.xml file, tag and it works absolutely fine for tomcat 8.0.27 on windows, but the