1.    16 Feb 2015 #1
    Join Date : Oct 2013
    Posts : 15,654
    64-bit Windows 10 Pro build 14955

    HTTP Strict Transport Security comes to Internet Explorer

    As part of our ongoing commitment to help build an interoperable, secure web that “just works,” we're excited to announce support for HTTP Strict Transport Security (HSTS) in Internet Explorer. This change can be previewed using Internet Explorer in the Windows 10 Technical Preview, and will come to Project Spartan in a later update.

    The HSTS policy protects against variants of man-in-the-middle attacks that can strip TLS out of communications with a server, leaving the user vulnerable. For example, a user may initially connect to a non-encrypted version of a website before being redirected to a secure connection. An attacker exploiting the non-encrypted connection could redirect the user to a malicious site. HSTS mitigates this attack vector by allowing sites to specify that the browser should always use a secure connection to the server. HSTS provides two methods for sites to secure their connections:

    • Registering for a preload list: websites can register to be hardcoded by IE and other browsers to redirect HTTP traffic to HTTPS. Communications with these websites from the initial connection are automatically upgraded to be secure. Like other browsers which have implemented this feature, Internet Explorer's preload list is based on the Chromium HSTS preload list.
    • Serving a HSTS header: Sites not on the preload list can enable HSTS via the Strict-Transport-Security HTTP header. After an initial HTTPS connection from the client containing the HSTS header, any subsequent HTTP connections are redirected by the browser to be secured via HTTPS.

    There are two important changes that impact users on sites using HSTS. First, when there is a certification error with a HSTS server, the user will not be able to click through and ignore the certificate error; they must abort their connection. Second, mixed content is not supported on servers supporting HSTS; all the content must be secure.

    These changes are available for preview in the January updates to the Windows 10 Technical Preview. Join the Windows Insider Program to see HSTS in action in IE and let us know if you have feedback @IEDevChat or on Connect.

    — Mike Bell, Program Manager, Storage, Network, and Print
    — David Walp, Program Manager, Internet Explorer
    Source: http://blogs.msdn.com/b/ie/archive/2...-explorer.aspx
      My System SpecsSystem Spec

  2.    17 Feb 2015 #2
    Join Date : Nov 2013
    Posts : 1,394
    Win-7Prox64 Win-8.1Prox64 Win-10Prox64

    That sounds like a mess,
    Most certificate errors are caused by the users clock is off not because of some server hack.
    It would be time for ie11 to realize checking the clock is the first message to produce not the famous security error page.
      My System SpecsSystem Spec


Similar Threads
Thread Forum
Expectations of Internet Explorer 12
What are everyones expectations of Internet Explorer 12, I say new UI.
Browsers and Email
HTTP Strict Transport Security comes to Internet Explorer
Source: HTTP Strict Transport Security comes to Internet Explorer 11 on Windows 8.1 and Windows 7
Windows 10 News
April 2015 security updates for Internet Explorer
Source: April 2015 security updates for Internet Explorer - IEBlog - Site Home - MSDN Blogs
Windows 10 News
Solved Explorer + no internet connection
Today i turned on my pc and the explorer.exe error appeared, i refreshed the screen and the icons appeared , but the start button didn't work , i tried to make troubleshoot but nothing... the worst part is that i can't acces the internet. Is there a...
General Support
February 2015 security updates for Internet Explorer
Source: February 2015 security updates for Internet Explorer - IEBlog - Site Home - MSDN Blogs
Windows 10 News
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 01:00.
Find Us
Twitter Facebook Google+

Windows 10 Forums