User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:54.0) Gecko/20100101 Firefox/54.0 Build ID: 20170630112252 Steps to reproduce: * Visit a site, that responds with HSTS header on port 80. * This redirects client to https, thus 443. * Visit the same site on non-http port (neither 80 nor 443). Actual results: * Firefox tries to use TLS/SSL encryption, even when the server does not. Expected results: * Firefox should bind the HSTS record to fqdn AND port, thus ignoring HSTS for other ports.
This is according to spec. Explained in https://bugzilla.mozilla.org/show_bug.cgi?id=613645#c1
based on comment 1, close as invalid.