Revert "Enable HSTS for all apache served SSL sites"

This reverts commit 3ce3f0c3311b306f9808355397ee43424f14aa31.

diff --git a/cookbooks/apache/recipes/ssl.rb b/cookbooks/apache/recipes/ssl.rb
index 8efbe03d2afef847d7a465a9d56c0027c5f5abe3..700e10e4af5afcf379514d5ec020cb632bd61944 100644 (file)
--- a/cookbooks/apache/recipes/ssl.rb
+++ b/cookbooks/apache/recipes/ssl.rb
@@ -29,7 +29,6 @@ apache_module "socache_shmcb" do
 end
 
 apache_module "ssl"
-apache_module "headers"
 
 apache_conf "ssl" do
   template "ssl.erb"

diff --git a/cookbooks/apache/templates/default/ssl.erb b/cookbooks/apache/templates/default/ssl.erb
index 62486999d7a105d34eb747b4149346c0b715081c..1124f66d8550539316227603eb978910a9423780 100644 (file)
--- a/cookbooks/apache/templates/default/ssl.erb
+++ b/cookbooks/apache/templates/default/ssl.erb
@@ -8,14 +8,10 @@ SSLCipherSuite aRSA+HIGH:+kEDH:+kRSA:!kSRP:!kPSK:+3DES:!MD5
 SSLCertificateFile /etc/ssl/certs/<%= @certificate %>.pem
 SSLCertificateKeyFile /etc/ssl/private/<%= @certificate %>.key
 SSLCertificateChainFile /etc/ssl/certs/rapidssl.pem
-
 <% if node[:lsb][:release].to_f >= 14.04 -%>
+
 SSLUseStapling On
 SSLStaplingResponderTimeout 5
 SSLStaplingReturnResponderErrors off
 SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_ocspcache(512000)
-
-Header setifempty Strict-Transport-Security max-age=86400 env=HTTPS
-<% else -%>
-Header set Strict-Transport-Security max-age=86400 env=HTTPS
 <% end -%>