[Bug 628292] Setup HTTP Strict Transport Security (connect directly to https)

  sysadmin | Certificates | unspecified

Christer Edwards <christer.edwards> changed:

           What    |Removed                     |Added
             Status|REOPENED                    |RESOLVED
         Resolution|                            |FIXED

--- Comment #5 from Christer Edwards <christer edwards gmail com> 2011-01-03 21:09:13 UTC ---
mail.g.o is already implemented but not required (Dec 30, 2010).

live.g.o is implemented but not required (Jan 03, 2011) with issues:

1) This page includes external resources which are not encrypted. 

(I believe it is this: <a href="http://live.gnome.org/GnomeWorldWide";><img
src="http://www.gnome.org/~jdub/random/GnomeWorldWideSmall.jpg"; alt=""></a>)

2) This certificate had to be retried using SSL 3.0. This typically means the
server is using very old software and may have other security issues.

www.g.o not implemented

I don't think HTTPS Strict Transport Security is warranted for RT. SSL is
currently implemented, but because it is a subfolder of the www.g.o domain I
think HTTPS STS would force it for the whole subdomain, which is not needed and
not configured.

Perhaps as part of our VM migration we can put RT on its own subdomain and
properly implement HTTPS STS.

Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the QA contact of the bug.
You are watching the assignee of the bug.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]