Hacker News
by
abarth
4437 days ago
I'd recommend starting out with a small max-age value so that any mistaken records will expire quickly. (Disclosure: I'm a co-editor of the HSTS RFC.)
gellerb
4437 days ago
Yeah. I noticed that paypal.com has a max-age of 4 hours.
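A rollout check for the small-max-age advice above, as an added example that is not part of any comment in this thread: it parses a `Strict-Transport-Security` value following the rules in RFC 6797 section 6.1 and flags a `max-age` that is too long for the current stage. The names `parse_hsts`, `review` and `STAGE_LIMIT`, the four-hour ceiling, and the sample headers are assumptions made for illustration.

```python
import re

STAGE_LIMIT = 4 * 60 * 60          # assumed ceiling for an early rollout stage, in seconds
_DELTA_SECONDS = re.compile(r"[0-9]+")

def parse_hsts(value):
    """Parse one Strict-Transport-Security value per RFC 6797 section 6.1.
    Returns {'max_age': int, 'include_subdomains': bool}, or None if invalid."""
    seen = {}
    for part in value.split(";"):   # simplification: no ';' inside quoted values
        part = part.strip()
        if not part:
            continue                # the grammar allows empty directives
        name, _, val = part.partition("=")
        name, val = name.strip().lower(), val.strip()   # names are case-insensitive
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]         # quoted-string form, e.g. max-age="300"
        if name in seen:
            return None             # a directive must not appear twice
        seen[name] = val
    max_age = seen.get("max-age")   # unknown directives are simply ignored
    if max_age is None or not _DELTA_SECONDS.fullmatch(max_age):
        return None                 # max-age is required, as a non-negative integer
    return {"max_age": int(max_age), "include_subdomains": "includesubdomains" in seen}

def review(value, stage_limit=STAGE_LIMIT):
    """Classify a header for a staged rollout: invalid / clears / too-long / ok."""
    policy = parse_hsts(value)
    if policy is None:
        return "invalid"            # browsers ignore it, so no HSTS record is stored
    if policy["max_age"] == 0:
        return "clears"             # max-age=0 tells the browser to forget the host
    if policy["max_age"] > stage_limit:
        return "too-long"           # a mistaken record would outlive the stage window
    return "ok"

# Constructed sample header values, not captured from any real site.
SAMPLES = [
    "max-age=14400",
    'MAX-AGE="300"; includeSubDomains',
    "max-age=31536000; includeSubDomains",
    "max-age=300; max-age=31536000",
    "includeSubDomains",
    "max-age=0",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{review(header):9} {header}")
```

Raising `stage_limit` step by step as each stage proves clean keeps the check in line with the header actually being served.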
rhoml
4437 days ago
Maybe the first step to avoid issues is to enforce SSL, which is easy on any webserver, before going HSTS.
d0ugie
4437 days ago
Is there any downside, when using SSL, in enabling perfect forward secrecy?
JshWright
4437 days ago
Make sure you're using an SSL library that supports ECDHE cipher suites... the non-EC suites are very slow.