Revert "Enable HSTS for all apache served SSL sites"
authorTom Hughes <tom@compton.nu>
Wed, 10 Dec 2014 15:01:03 +0000 (15:01 +0000)
committerTom Hughes <tom@compton.nu>
Wed, 10 Dec 2014 15:01:03 +0000 (15:01 +0000)
This reverts commit 3ce3f0c3311b306f9808355397ee43424f14aa31.

cookbooks/apache/recipes/ssl.rb
cookbooks/apache/templates/default/ssl.erb

index 8efbe03d2afef847d7a465a9d56c0027c5f5abe3..700e10e4af5afcf379514d5ec020cb632bd61944 100644 (file)
@@ -29,7 +29,6 @@ apache_module "socache_shmcb" do
 end
 
 apache_module "ssl"
-apache_module "headers"
 
 apache_conf "ssl" do
   template "ssl.erb"
index 62486999d7a105d34eb747b4149346c0b715081c..1124f66d8550539316227603eb978910a9423780 100644 (file)
@@ -8,14 +8,10 @@ SSLCipherSuite aRSA+HIGH:+kEDH:+kRSA:!kSRP:!kPSK:+3DES:!MD5
 SSLCertificateFile /etc/ssl/certs/<%= @certificate %>.pem
 SSLCertificateKeyFile /etc/ssl/private/<%= @certificate %>.key
 SSLCertificateChainFile /etc/ssl/certs/rapidssl.pem
-
 <% if node[:lsb][:release].to_f >= 14.04 -%>
+
 SSLUseStapling On
 SSLStaplingResponderTimeout 5
 SSLStaplingReturnResponderErrors off
 SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_ocspcache(512000)
-
-Header setifempty Strict-Transport-Security max-age=86400 env=HTTPS
-<% else -%>
-Header set Strict-Transport-Security max-age=86400 env=HTTPS
 <% end -%>