Hacker Newsnew | comments | ask | jobs | submitlogin
ivanr 448 days ago | link | parent

I maintain a complete guide to SSL/TLS deployment:

SSL/TLS Deployment Best Practices https://www.ssllabs.com/projects/best-practices/



hnolable 447 days ago | link

You may want to integrate some of the advice from here in your HSTS section:

http://coderrr.wordpress.com/2010/12/27/canonical-redirect-p...

It seems even github is susceptible to this. That is, for people who type www.github.com into their browser rather than github.com. They both did the redirect wrong, as well as left off HSTS of https://www.github.com.

-----




Lists | RSS | Bookmarklet | Guidelines | FAQ | DMCA | News News | Feature Requests | Bugs | Y Combinator | Apply | Library

Search: