
HSTS will be implemented in Firefox and Google Chrome

In the near future, the HTTP Strict Transport Security (HSTS) standard will be supported by the Firefox and Google Chrome browsers.

This specification gives the server a way to ensure that the client communicates with it only over a secure protocol.

Currently, without support for this standard, the browser first establishes a default HTTP connection to the server and only then switches to HTTPS, if it is available. This mechanism leaves room for man-in-the-middle attacks. HSTS is designed to close this vulnerability. With HSTS support, site creators can have the server send the following response header:

  Strict-Transport-Security: max-age=15768000

The max-age parameter sets how long, in seconds, the browser must force HTTPS sessions with the site.
After that, all HTTP requests to the site will be forcibly redirected to HTTPS.
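
The behaviour described above, modelled as a small browser-side HSTS store. This is an added example, not code from the article or from any browser; the `HstsStore` class, its method names and the host `example.test` are hypothetical. It also shows two details from the HSTS specification: the header is honoured only when it arrives over HTTPS, and `max-age=0` removes the stored policy.

```javascript
// Added example: simplified model of how a browser applies HSTS.
// HstsStore and its methods are hypothetical names, not a real browser API.
class HstsStore {
  constructor() {
    this.hosts = new Map(); // hostname -> policy expiry time (ms)
  }

  // Extract max-age (in seconds) from a header value, or null if absent.
  static parseMaxAge(headerValue) {
    for (const part of String(headerValue).split(";")) {
      const m = /^\s*max-age\s*=\s*"?(\d+)"?\s*$/i.exec(part);
      if (m) return Number(m[1]);
    }
    return null;
  }

  // Record the policy from a response. The header is ignored on plain HTTP,
  // because anyone in the middle could forge or strip it there.
  noteResponse(url, headerValue, nowMs) {
    const u = new URL(url);
    if (u.protocol !== "https:") return false;
    const maxAge = HstsStore.parseMaxAge(headerValue);
    if (maxAge === null) return false;
    if (maxAge === 0) this.hosts.delete(u.hostname); // max-age=0 clears the policy
    else this.hosts.set(u.hostname, nowMs + maxAge * 1000);
    return true;
  }

  // Rewrite http:// to https:// before the request is sent,
  // as long as the stored policy has not expired.
  upgrade(url, nowMs) {
    const u = new URL(url);
    const expiry = this.hosts.get(u.hostname);
    if (u.protocol === "http:" && expiry !== undefined && nowMs < expiry) {
      u.protocol = "https:";
    }
    return u.href;
  }
}

// Constructed sample run: the first request still goes out over HTTP,
// later ones are upgraded once the header has been seen over HTTPS.
const demo = new HstsStore();
const now = Date.now();
console.log(demo.upgrade("http://example.test/login", now));
demo.noteResponse("https://example.test/", "max-age=15768000", now);
console.log(demo.upgrade("http://example.test/login", now + 1000));
```

The first line printed is still an `http://` URL: until the browser has received the header once over HTTPS, the initial connection is not protected by HSTS.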

Firefox developers have announced that HSTS support will be implemented in the next version.

Source: https://habr.com/ru/post/108281/

