On 09.02.2016 at 15:10, Christopher Schultz wrote:
> On 2/9/16 6:28 AM, dku...@ccilindia.co.in wrote:
>
> > and then VA test results show that HSTS is not configured.
>
> It looks like "VA test" has a broken client: it's not issuing a valid
> HTTP request.
Just to make sure it's not the most o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Deepak,
On 2/9/16 6:28 AM, dku...@ccilindia.co.in wrote:
> Dear Harrie,
>
> We have already implemented the said configuration of filter.
>
> Still we are unable to implement HSTS. This configuration works
> absolutely fine on tomcat running
is greatly appreciated.
From: "Harrie Robins"
To: "'Tomcat Users List'"
Date: 08-02-2016 20:51
Subject: RE: HSTS missing from HTTPS server on tomcat 8.0.27
Hello!
Missing HSTS is not a vulnerability, as Mark pointed out, it is a feature.
In your web.xml
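    <filter>
        <filter-name>httpHeaderSecurity</filter-name>
        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
        <init-param>
            <param-name>hstsEnabled</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>hstsMaxAgeSeconds</param-name>
            <param-value>3153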
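An added example, not part of the original thread: one way to confirm, independently of a scanner, whether a response carries a usable HSTS policy, by parsing the Strict-Transport-Security header as RFC 6797 describes. The sample responses, their max-age value and the function names are constructed for illustration.

```python
import re

# Constructed sample responses (not captured from the server in this thread).
WITH_HSTS = (b"HTTP/1.1 200 OK\r\n"
             b"Content-Type: text/html\r\n"
             b"Strict-Transport-Security: max-age=86400;includeSubDomains\r\n"
             b"\r\n<html></html>")
WITHOUT_HSTS = b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1)."""
    policy = {"max_age": None, "include_subdomains": False, "active": False}
    seen = set()
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()       # directive names are case-insensitive
        if name in seen:
            raise ValueError("directive repeated: " + name)
        seen.add(name)
        arg = arg.strip().strip('"')      # the value may be a quoted-string
        if name == "max-age":
            if not re.fullmatch(r"[0-9]+", arg):
                raise ValueError("max-age must be a non-negative integer")
            policy["max_age"] = int(arg)
            # max-age=0 tells the browser to drop any stored policy
            policy["active"] = policy["max_age"] > 0
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        # unknown directives are ignored
    if policy["max_age"] is None:
        raise ValueError("max-age directive is required")
    return policy

def check_response(raw):
    """Return (status_code, policy or None) for a raw HTTP/1.1 response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "strict-transport-security":
            return status, parse_hsts(value)   # only the first header counts
    return status, None
```

Checking the status code alongside the header shows whether a missing header came from an error response rather than from the application itself.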
On 08/02/2016 14:49, dku...@ccilindia.co.in wrote:
> Hi,
>
> We are unable to fix the vulnerability of "HSTS missing from HTTPS server"
That is not a security vulnerability. It is a configuration choice.
> on apache tomcat 8.0.27 while running on unix operating system. Below is
> the system