HTTP Strict Transport Security becomes Internet Standard

Posted by Scott_Ruecker on Nov 21, 2012 11:30 PM EDT
Mail this story
Print this story

The Internet Engineering Task Force (IETF) has published RFC 6797, formally declaring the HTTP Strict Transport Security (HSTS) security mechanism for HTTPS as an Internet Standard. HSTS is designed to allow (HTTP) servers to ensure that any services offered can only be accessed via secure connections that are encrypted using mechanisms such as Transport Layer Security (TLS). From a client perspective, HSTS forces applications (User Agents) to only use encrypted connections when communicating with web sites. Sites such as the Open Web Application Security Project's describe how to implement the use of HSTS in web servers such as Apache, Nginx and Lighttpd.

Full Story

» Read more about: Story Type: News Story

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.