Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
HPKP preloading #2
Comments
thestinger
added
the
enhancement
label
Oct 26, 2017
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment Hide comment
thestinger
commented
Nov 2, 2017
|
No longer going to be possible... |
thestinger
closed this
Nov 2, 2017
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
thestinger commentedOct 26, 2017
Our Public-Key-Pins header is now set to 60 days so it will be ready for preloading once it's finalized by stripping it down to the 3 pins for Let's Encrypt (intermediate, fallback intermediate, root granting it trust) and our 5 backup pins (RSA 2048, RSA 3072, RSA 4096, ECDSA secp256r1, ECDSA secp384r1).
We currently have extra pins for the roots granting trust to each CA used by Cloudflare Universal SSL to be able to use their reverse proxy for DoS mitigation without paying for the Business plan to use custom certificates.