Hacker News
by justinschuh 5083 days ago
The standard very explicitly states that Chrome's behavior is correct:

   When connecting to a Known HSTS Server, the UA MUST terminate the
   connection with no user recourse if there are any errors (e.g.
   certificate errors), whether "warning" or "fatal" or any other error
   level, with the underlying secure transport.
http://tools.ietf.org/html/draft-hodges-strict-transport-sec...
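
The rule quoted in the comment above, modelled as an added example (not part of the original comment and not Chrome's code). `HstsStore`, `onTlsError`, the `.test` hostnames and the "interstitial" fallback for hosts that are not Known HSTS Servers are all assumptions made for illustration.

```javascript
// Hypothetical model of a UA's Known HSTS Server store and the "no user recourse" rule.
class HstsStore {
  constructor() { this.entries = new Map(); } // host -> { expires, includeSubDomains }

  // Record a Strict-Transport-Security header that arrived over an error-free TLS connection.
  note(host, headerValue, nowMs) {
    let maxAge = null, includeSubDomains = false;
    for (const raw of headerValue.split(';')) {
      const [name, value = ''] = raw.trim().split('=');
      const directive = name.trim().toLowerCase();
      if (directive === 'max-age') maxAge = parseInt(value.replace(/"/g, ''), 10);
      else if (directive === 'includesubdomains') includeSubDomains = true;
    }
    if (maxAge === null || Number.isNaN(maxAge)) return; // max-age is required; ignore the header
    const key = host.toLowerCase();
    if (maxAge === 0) this.entries.delete(key);           // max-age=0 forgets the host
    else this.entries.set(key, { expires: nowMs + maxAge * 1000, includeSubDomains });
  }

  // Known if the host matches exactly, or a parent domain was noted with includeSubDomains.
  isKnown(host, nowMs) {
    const labels = host.toLowerCase().split('.');
    for (let i = 0; i < labels.length; i++) {
      const e = this.entries.get(labels.slice(i).join('.'));
      if (e && e.expires > nowMs && (i === 0 || e.includeSubDomains)) return true;
    }
    return false;
  }
}

// Decide what the UA does with a secure-transport error of any level ("warning", "fatal", ...).
function onTlsError(store, host, nowMs) {
  return store.isKnown(host, nowMs)
    ? { action: 'terminate', userMayOverride: false }    // Known HSTS Server: no click-through
    : { action: 'interstitial', userMayOverride: true }; // assumed behaviour for other hosts
}

// Constructed sample input.
const demo = new HstsStore();
demo.note('example.test', 'max-age=600; includeSubDomains', 0);
console.log(onTlsError(demo, 'www.example.test', 1000));
```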