authorGuilhem Moulin <guilhem@fripost.org>2016-09-18 17:50:25 +0200
committerGuilhem Moulin <guilhem@fripost.org>2016-09-18 17:50:25 +0200
commit36c6d7f04d25b63a6b86f418865e7275fb5deae8 (patch)
tree4cb1568a1022d9577b8c5eb4a19eb55c9f2f8789
parent65dfc4034cfce163f1749e2b4238da154d31550f (diff)
HPKP: increase max-age directive to 6 months from 1 hour.
-rw-r--r--certs/hpkp-hdr.j22
1 files changed, 1 insertions, 1 deletions
diff --git a/certs/hpkp-hdr.j2 b/certs/hpkp-hdr.j2
index 0226b5c..31cb81a 100644
--- a/certs/hpkp-hdr.j2
+++ b/certs/hpkp-hdr.j2
@@ -1,16 +1,16 @@
# {{ ansible_managed }}
# Do NOT edit this file directly!
{% set tmpl = template_path | basename %}
{% set pubkey = "certs/public/" + tmpl.rstrip("hpkp-hdr.j2") + ".pub" %}
{%- set pins = [] %}
{% for pk in [pubkey] + lookup('pipe', 'ls -1 '+pubkey+'.back*').splitlines() -%}
{%- set sha256 = lookup('pipe', 'openssl pkey -pubin -outform DER <'+pk+' | openssl dgst -sha256 -binary | base64') -%}
{%- set _ = pins.append('pin-sha256="' + sha256 + '"') -%}
{%- endfor %}
{%- if pins | length > 0 %}
-{% set directives = pins + ['max-age=3600'] %}
+{% set directives = pins + ['max-age=15768000'] %}
add_header Public-Key-Pins '{{ directives | join('; ') }}';
{% endif %}
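Review bot: The guard `{%- if pins | length > 0 %}` just above the changed line is always true, because the loop list starts with `[pubkey]`, so the header is emitted with the new six-month `max-age` even when no `.back*` key was found. RFC 7469 requires at least one backup pin, and a conforming browser ignores a pin set without one, so the guard should be `{%- if pins | length > 1 %}`. With the old one-hour value a bad or unrecoverable pin set expired quickly; at 15768000 seconds a browser that has noted the pins keeps enforcing them for six months, so the backup key has to remain usable for that whole period. Whether the backup keys are stored separately from the server is not visible here. A short comment next to the value, such as `{# 6 months; do not raise unless backup keys are verified restorable #}`, would record that constraint for the next editor.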