Task #1086
closed
- Tags EasyHack, Salt added
- Category set to Webserver
- Status changed from New to In Progress
- Assignee set to Guilhem Moulin
- Target version set to Q2/2020
This is being done as we upgrade our HTTPd (TLS termination proxy) to Debian Buster, with a 1 year expiration time and the includeSubDomains
flag set:
$ curl -sI https://wiki.documentfoundation.org | grep -i Strict-Transport-Security:
strict-transport-security: max-age=31557600; includeSubDomains
Didn't hear any complain about our TLS endpoints or X.509 PKI, so was waaay past time to deploy HSTS. Thanks to Let's Encrypt and ACME certificate rollout is easy (at least until we deploy HPKP too) and should something go bad, the fix wouldn't be to downgrade to plaintext connections, but to fix our TLS endpoint or PKI.
All services hosted on Debian 10 have been dealt with already. That includes the wiki, blog, AskBot, Matomo, Online Help, and more. Other will be dealt with as part of the upgrade path.
- Status changed from In Progress to Closed
Work is done in Satl states, majority of sites handled, rollout will happen automatically with the base OS upgrades
Also available in: Atom
PDF