On 05.06.19 at 14:54, Sathish Kumar wrote:
> Hi Team,
>
> We would like to fix the HTTPS pinning vulnerability on our Nginx and Mobile
> application Android/iOS. If I enable on Nginx, do we need to add the pinning
> keys on our application and have to rotate the pinning keys every time
> the SSL cert is renewed?
>
> Please advise.

HPKP is more or less deprecated. I suggest not using it anymore.
Use HSTS, try to understand the implication of "includeSubDomains" and
https://hstspreload.org/
Andreas
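
As an added example (not part of the original message, and not nginx code): a small Python check of a `Strict-Transport-Security` value, showing which hosts `includeSubDomains` pulls into the policy and whether the header meets the header requirements published on hstspreload.org. The function names are hypothetical; parsing follows RFC 6797 section 6.1, except that a `;` inside a quoted value is not handled.

```python
PRELOAD_MIN_MAX_AGE = 31536000  # one year, the minimum hstspreload.org accepts


def parse_hsts(value):
    """Return the directives as a dict, or None if browsers would ignore the header."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives are permitted by the grammar
        name, _, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        arg = arg.strip()
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # quoted-string form of the value
        if name in directives:
            return None  # a directive may appear only once
        directives[name] = arg
    max_age = directives.get("max-age", "")
    if not (max_age.isascii() and max_age.isdigit()):
        return None  # max-age is required and must be a non-negative integer
    directives["max-age"] = int(max_age)
    return directives


def preload_problems(value):
    """List the reasons this header value fails the preload-list header rules."""
    policy = parse_hsts(value)
    if policy is None:
        return ["header is invalid and will be ignored by browsers"]
    problems = []
    if policy["max-age"] < PRELOAD_MIN_MAX_AGE:
        problems.append("max-age below 31536000 seconds")
    if "includesubdomains" not in policy:
        problems.append("includeSubDomains missing")
    if "preload" not in policy:
        problems.append("preload missing")
    return problems


def covered_by(policy_host, value, request_host):
    """True if a browser that stored this policy forces HTTPS for request_host."""
    policy = parse_hsts(value)
    if policy is None or policy["max-age"] == 0:  # max-age=0 deletes the policy
        return False
    policy_host, request_host = policy_host.lower(), request_host.lower()
    return request_host == policy_host or (
        "includesubdomains" in policy and request_host.endswith("." + policy_host))
```

Running `covered_by` over an inventory of your own hostnames before enabling `includeSubDomains` shows which internal or legacy subdomains would stop working over plain HTTP.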