From 8074127b8d8913314c90c3fe6131d078a858f7b6 Mon Sep 17 00:00:00 2001
From: o
Date: Tue, 10 Mar 2015 22:14:51 +0100
Subject: hsts should be enabled on a per-site basis hsts does mix very badly with selfsigned certs. thus we disable it by default. set configuration['hsts'] = true for vhost with valid certs.
---
 templates/include.d/ssl_defaults.inc.erb | 3 ---
 1 file changed, 3 deletions(-)
(limited to 'templates')
diff --git a/templates/include.d/ssl_defaults.inc.erb b/templates/include.d/ssl_defaults.inc.erb
index 236eb78..77f8e77 100644
--- a/templates/include.d/ssl_defaults.inc.erb
+++ b/templates/include.d/ssl_defaults.inc.erb
@@ -76,6 +76,3 @@ SSLHonorCipherOrder on
 SetEnvIf User-Agent ".*MSIE.*" \
 nokeepalive ssl-unclean-shutdown \
 downgrade-1.0 force-response-1.0
-
-# set STS Header
-Header add Strict-Transport-Security "max-age=15768000"
-- 
cgit v1.2.3