Closed
Bug 1378185
Opened 7 years ago
Closed 7 years ago
Ignore HSTS if different port is used.
Categories
(Core :: Networking, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: horsky.luso, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:54.0) Gecko/20100101 Firefox/54.0 Build ID: 20170630112252 Steps to reproduce: * Visit a site, that responds with HSTS header on port 80. * This redirects client to https, thus 443. * Visit the same site on non-http port (neither 80 nor 443). Actual results: * Firefox tries to use TLS/SSL encryption, even when the server does not. Expected results: * Firefox should bind the HSTS record to fqdn AND port, thus ignoring HSTS for other ports.
Comment 1•7 years ago
|
||
This is according to spec. Explained in https://bugzilla.mozilla.org/show_bug.cgi?id=613645#c1
Comment 2•7 years ago
|
||
based on comment 1, close as invalid.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•