Information on HTTP Strict Transport Security (RFC 6797) and VMware Cloud Director 10.x
HTTP Strict Transport Security (RFC 6797)
VMware Cloud Director may be flagged as not having Strict-Transport-Security. This is due to the base site being a redirect to HTTPS, in addition the public-facing Provider Portal and Tenant Portals .
The above information can be verified using the following:
Does not contain "Strict-Transport-Security"
curl -v -k https://[vCD Site]/
However, note that the above redirects to https://[vCD Site]/login, which does contain the header, as seen below:
Does contain "Strict-Transport-Security"
curl -v -k https://[vCD Site]/login/
curl -v -k https://[vCD Site]/provider/
curl -v -k https://[vCD Site]/tenant/[Org Name]/
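The same check can be scripted so that each path reports its status code, redirect target and HSTS header on one line, which makes a scanner finding against the base URL easy to triage. This is an added example, not VMware's tooling; the function names, the `vcd.example.com` host and the sample header values are constructed assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the KB article): summarise status, redirect
# target and Strict-Transport-Security for an HTTP response.

# Reads raw response headers on stdin, as written by `curl -D -`.
# If several responses are present (e.g. a proxy CONNECT reply first),
# only the last one is reported.
hsts_summary() {
  awk '
    BEGIN { status = "?"; loc = "-"; hsts = "absent" }
    { sub(/\r$/, "") }                          # strip CR from CRLF line ends
    /^HTTP\// { status = $2; loc = "-"; hsts = "absent"; next }
    {
      name = tolower($0); sub(/:.*/, "", name)  # header names are case-insensitive
      value = $0; sub(/^[^:]*:[ \t]*/, "", value)
      if (name == "location") loc = value
      if (name == "strict-transport-security") hsts = value
    }
    END { printf "status=%s location=%s hsts=%s\n", status, loc, hsts }
  '
}

# Live check: check_hsts https://vcd.example.com / /login/ /provider/
# Redirects are deliberately not followed, so each hop is reported separately.
# -k mirrors the article's commands (certificate validation is skipped).
check_hsts() {
  base=$1; shift
  for path in "$@"; do
    printf '%s ' "$path"
    curl -sS -k -D - -o /dev/null "$base$path" | hsts_summary
  done
}

# Constructed sample responses (not captured from a real system).
SAMPLE_ROOT='HTTP/1.1 302 Found
Location: https://vcd.example.com/login
Content-Length: 0
'
SAMPLE_LOGIN='HTTP/1.1 200 OK
strict-transport-security: max-age=31536000; includeSubDomains
Content-Type: text/html
'

printf '%s' "$SAMPLE_ROOT"  | hsts_summary
printf '%s' "$SAMPLE_LOGIN" | hsts_summary
```

A line showing `status=302` with `hsts=absent` for `/` alongside `status=200` with a populated `hsts=` value for `/login/`, `/provider/` and `/tenant/[Org Name]/` matches the behaviour described above.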