You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
4. HSTS Hosts are identified only via domain names -- explicit IP
address identification of all forms is excluded. This is for
simplification and also is in recognition of various issues with
using direct IP address identification in concert with PKI-based
security.
I did this
server:
client:
Note: --insecure is used here to avoid need to set up PKI for the PoC, it doesn't change the outcome however.
afterwards foo.hsts:
Also later the HSTS applies to the IP address, while it should not.
I expected the following
libcurl implementing https://datatracker.ietf.org/doc/html/rfc6797 design, specifically:
curl/libcurl version
curl 7.77.1-DEV (x86_64-pc-linux-gnu) libcurl/7.77.1-DEV OpenSSL/1.1.1k zlib/1.2.11 brotli/1.0.9 libidn2/2.3.0 libpsl/0.21.0 (+libidn2/2.3.0) nghttp2/1.43.0 librtmp/2.3 OpenLDAP/2.4.57
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTPS-proxy IDN IPv6 Largefile libz NTLM NTLM_WB PSL SSL TLS-SRP UnixSockets
operating system
Linux anonymized 5.10.0-6-amd64 #1 SMP Debian 5.10.28-1 (2021-04-09) x86_64 GNU/Linux
The text was updated successfully, but these errors were encountered: