From e8cdae5ccc1aba3dc1e9991cce2942fdf93cabcb Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Tue, 12 Jul 2016 17:27:24 +0200 Subject: HSTS: use the standard capitalization of includeSubDomains. Cf. RFC 6797 sec. 6.1.2. --- roles/common-web/files/etc/nginx/snippets/ssl.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/common-web/files/etc/nginx/snippets/ssl.conf b/roles/common-web/files/etc/nginx/snippets/ssl.conf index 4e2da6e..09082e7 100644 --- a/roles/common-web/files/etc/nginx/snippets/ssl.conf +++ b/roles/common-web/files/etc/nginx/snippets/ssl.conf @@ -19,7 +19,7 @@ ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECD ssl_prefer_server_ciphers on; # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) -add_header Strict-Transport-Security 'max-age=15768000; includeSubdomains'; +add_header Strict-Transport-Security 'max-age=15768000; includeSubDomains'; # OCSP Stapling: fetch OCSP records from URL in ssl_certificate and cache them # https://github.com/jsha/ocsp-stapling-examples/blob/master/nginx.conf -- cgit v1.2.3