HSTS and HPKP has implications for Smoothwall and its client devices; what are they?

Article #:

Product

Castle

1885

All

All

Summary

How HTTP Strict Transport Security (HSTS) and HTTP Public Key Pinning (HPKP) can affect Smoothwall and its client devices.

Problem

HSTS and HPKP has implications for Smoothwalland its client devices.

HSTS:

Forces browsers to connect to sites securely
Ensures that the browser only connects to that site securely in the future
Ensures that certificate related errors cannot be clicked through by the user

HPKP:

Ensures a browser only connects to an HTTPS site using the specified certificate
Ensures that certificate related errors cannot be clicked through by the user

Solution

For client devices with the Smoothwall's HTTPS certificate installed for Decrypt and inspect, neither of these standards should have any effect, though this may change in the future. 

For client devices without Smoothwall's HTTPS certificate installed for Decrypt and inspect, users may see certificate errors that cannot be bypassed. This can occur if the Smoothwall tries to serve a HTTPS blockpage or there is an issue with the site itself. 

If these errors are occurring, either:

Install the Smoothwall's HTTPS certificate to enable proper decryption and inspection — see https://help.smoothwall.net/Latest/Content/modules/guardian3/cgi-bin/guardian/httpssettings.htm
Adjust the HTTPS policy appropriately — see https://help.smoothwall.net/Latest/Content/modules/guardian3/cgi-bin/guardian/https.htm

Attribution:

Last updated:

Author:

Contributions by:

06 September 2016

 

DMT

 

 

Copyright © 2000-2016 Smoothwall All rights reserved.