Access to only via TLS

Werner Koch wk at
Wed Apr 30 14:21:15 CEST 2014

On Wed, 30 Apr 2014 10:25, gollo at said:

> the SSLLabs test shows two small issues when testing [2], one
> of which is the too short time sent in the HSTS header.

Ooops, copy and paste error: I missed the last 0 of max-age=31536000.
Also fixed in the Boa source code examples.

The missing forward secrecy is mainly an issue with IE which gives
non-FS algorithm suites a higher preference; but for older IEs a non-FS
algorithm is required.  We don't have any user data at this site so the
missing forward secrecy for anyway bugged Microsoft browsers should not
be an issue.



I understand why Microsoft makes it hard to use FS - that abbreviation
is also used for free software ;-)

Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list