Closed Bug 1378185 Opened 7 years ago Closed 7 years ago

Ignore HSTS if different port is used.

Tracking

()

Status:

RESOLVED INVALID

People

(Reporter: horsky.luso, Unassigned)

Details

horsky.luso

Reporter

Description

•

7 years ago

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:54.0) Gecko/20100101 Firefox/54.0
Build ID: 20170630112252

Steps to reproduce:

* Visit a site, that responds with HSTS header on port 80.
  * This redirects client to https, thus 443.
* Visit the same site on non-http port (neither 80 nor 443).


Actual results:

* Firefox tries to use TLS/SSL encryption, even when the server does not.


Expected results:

* Firefox should bind the HSTS record to fqdn AND port, thus ignoring HSTS for other ports.

Daniel Stenberg [:bagder]

Comment 1

•

7 years ago

This is according to spec. Explained in https://bugzilla.mozilla.org/show_bug.cgi?id=613645#c1

Gary Chen [:xeonchen]

Comment 2

•

7 years ago

based on comment 1, close as invalid.

Status: UNCONFIRMED → RESOLVED

Closed: 7 years ago

Resolution: --- → INVALID

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Ignore HSTS if different port is used.

Categories

(Core :: Networking, defect)

Tracking

()

People

(Reporter: horsky.luso, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Comment 1

Comment 2