TODO: remove HSTS

author Daniel Stenberg <daniel@haxx.se>

Wed, 10 Feb 2021 21:54:33 +0000 (22:54 +0100)

committer Daniel Stenberg <daniel@haxx.se>

Wed, 10 Feb 2021 21:54:33 +0000 (22:54 +0100)
author Daniel Stenberg <daniel@haxx.se>
Wed, 10 Feb 2021 21:54:33 +0000 (22:54 +0100)
committer Daniel Stenberg <daniel@haxx.se>
Wed, 10 Feb 2021 21:54:33 +0000 (22:54 +0100)
diff --git a/docs/TODO b/docs/TODO

index 2f54085aa9a53acc4c6b114d278954052d0901c5..004b4e52a6cac663c674083440cb1ada96ebb1ed 100644 (file)
--- a/docs/TODO
+++ b/docs/TODO
@@ -116,7 +116,6 @@
   13.9 TLS record padding
   13.10 Support Authority Information Access certificate extension (AIA)
   13.11 Support intermediate & root pinning for PINNEDPUBLICKEY
- 13.12 Support HSTS
   13.13 Make sure we forbid TLS 1.3 post-handshake authentication
   13.14 Support the clienthello extension
  
@@ -810,16 +809,6 @@
   Adding this feature would make curls pinning 100% compatible to HPKP and
   allow more flexible pinning.
  
-13.12 Support HSTS
-
- "HTTP Strict Transport Security" is TOFU (trust on first use), time-based
- features indicated by a HTTP header send by the webserver. It is widely used
- in browsers and it's purpose is to prevent insecure HTTP connections after a
- previous HTTPS connection. It protects against SSLStripping attacks.
-
- Doc: https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
- RFC 6797: https://tools.ietf.org/html/rfc6797
-
  13.13 Make sure we forbid TLS 1.3 post-handshake authentication
  
   RFC 8740 explains how using HTTP/2 must forbid the use of TLS 1.3
author	Daniel Stenberg <daniel@haxx.se>
	Wed, 10 Feb 2021 21:54:33 +0000 (22:54 +0100)
committer	Daniel Stenberg <daniel@haxx.se>
	Wed, 10 Feb 2021 21:54:33 +0000 (22:54 +0100)