Encryption Desktop enrollment fails with a load balancer that adds HTTP Strict Transport Security (HSTS) headers

Article ID: 198303

Products

  • Desktop Email Encryption, Powered by PGP Technology
  • Drive Encryption Powered by PGP Technology
  • Encryption Management Server Powered by PGP Technology

Issue/Introduction

HTTP Strict Transport Security (HSTS) is a security mechanism used by web servers that instructs clients to connect only using HTTPS. The server adds a Strict-Transport-Security field to the HTTP response headers, and a compatible client interprets it.

Encryption Management Server uses Strict Transport Security headers in release 3.4.2 MP2 and above.

However, this can cause enrollment to fail when Encryption Desktop clients attempt to enroll with Encryption Management Server 3.4.2 MP2 and above.

This issue has been observed particularly with email enrollment and an F5 BIG-IP that is configured to add Strict Transport Security headers.

Environment

  • Symantec Encryption Desktop 3.4 and above.
  • Symantec Encryption Management Server 3.4.2 MP2 and above.

Resolution

Ensure that the load balancer does not add Strict Transport Security headers.
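
One way to confirm that the load balancer is the component adding the header, shown as an added example that is not part of the original article or of any Symantec tooling: compare response headers captured directly from Encryption Management Server with headers captured through the load balancer. The two captures and their header values are constructed samples, and the function names are hypothetical.

```python
"""Find Strict-Transport-Security headers added between the server and the client."""
from __future__ import annotations

# Constructed sample captures (for example, saved output of `curl -sI`).
# The header values are illustrative, not taken from a real server.
DIRECT = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "Content-Type: text/html\r\n\r\n"
)
VIA_LB = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "Content-Type: text/html\r\n"
    "strict-transport-security: max-age=16070400; includeSubDomains\r\n\r\n"
)


def hsts_values(raw_headers: str) -> list[str]:
    """Return every Strict-Transport-Security value in one raw header block."""
    values = []
    for line in raw_headers.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        # Header field names are case-insensitive.
        if sep and name.strip().lower() == "strict-transport-security":
            values.append(value.strip())
    return values


def added_by_load_balancer(direct: str, via_lb: str) -> list[str]:
    """HSTS values seen through the load balancer beyond those the server sent."""
    remaining = hsts_values(direct)
    added = []
    for value in hsts_values(via_lb):
        if value in remaining:
            remaining.remove(value)  # accounted for by the server's own header
        else:
            added.append(value)  # present only after passing the load balancer
    return added


if __name__ == "__main__":
    extra = added_by_load_balancer(DIRECT, VIA_LB)
    print("Added in transit:", extra if extra else "none")
```

An empty result means the path through the load balancer carries only the headers the server itself sent.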