HomePhabricator

ssl_ciphersuite: standardize STS preload
42cdc5a39bacUnpublished

Authored by BBlack on Jun 6 2016, 2:10 PM.

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

ssl_ciphersuite: standardize STS preload

Now that wikimedia.org can preload, switch the HSTS argument to a
boolean that always sets our standard 1y/includeSub/preload STS
string. The default/false leaves out HSTS completely, leaving it
up to manual config to set any HSTS, in case of e.g. labs-based
services which are outside the scope of our canonical
domains/policies.

Bug: T132685
Change-Id: I271336e264b01d7a352577dcc5afa0b4ca2be31f

Details