# HSTS support

HTTP Strict-Transport-Security. Added as experimental in curl
7.74.0. Supported "for real" since 7.77.0.

## Standard

[HTTP Strict Transport Security](https://datatracker.ietf.org/doc/html/rfc6797)

## Behavior

libcurl features an in-memory cache for HSTS hosts, so that subsequent
HTTP-only requests to a host name present in the cache will get internally
"redirected" to the HTTPS version.

## `curl_easy_setopt()` options:

 - `CURLOPT_HSTS_CTRL` - enable HSTS for this easy handle
 - `CURLOPT_HSTS` - specify file name where to store the HSTS cache on close
 (and possibly read from at startup)

## curl command line options

 - `--hsts [filename]` - enable HSTS, use the file as HSTS cache. If filename
 is `""` (no length) then no file will be used, only in-memory cache.

## HSTS cache file format

Lines starting with `#` are ignored.

For each HSTS entry:

 [host name] "YYYYMMDD HH:MM:SS"

The `[host name]` is dot-prefixed if it includes subdomains.

The time stamp is when the entry expires.
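
As an added example (not curl's own code), the following Python script models the behavior and file format described above: it parses a constructed cache file, applies the dot-prefix (subdomain) and expiry rules, rewrites `http://` URLs to `https://` the way the in-memory cache "redirects" them, and serializes the entries back into the same format, which is what storing the cache on close amounts to. The port handling (an explicit port 80 becomes 443, any other port is kept) follows RFC 6797 section 8.3 rather than anything on this page, and the sample hosts, time stamps and fixed clock are constructed values.

```python
# Added example (not curl's own code): a small model of the HSTS cache
# described in the curl HSTS documentation. Host names, time stamps and
# the fixed clock below are constructed sample values.
from dataclasses import dataclass
from datetime import datetime, timezone
from urllib.parse import urlsplit, urlunsplit

TIME_FORMAT = "%Y%m%d %H:%M:%S"

# Fixed "current time" so the example is deterministic (constructed value).
FIXED_NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)

# Constructed sample cache file in the documented format.
SAMPLE_CACHE = """\
# constructed sample HSTS cache (comment lines are ignored)
example.com "20991231 23:59:59"
.sub.example.org "20991231 23:59:59"
expired.test "20200101 00:00:00"
"""


@dataclass
class HstsEntry:
    host: str                 # lower-case host name without the leading dot
    include_subdomains: bool  # True when the file line was dot-prefixed
    expires: datetime         # UTC; the entry is dead at or after this time


def parse_hsts_cache(text):
    """Parse the cache file text into a list of HstsEntry (the in-memory cache)."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and '#' comments are ignored
        host, sep, stamp = line.partition(" ")
        stamp = stamp.strip()
        if not sep or len(stamp) < 2 or stamp[0] != '"' or stamp[-1] != '"':
            raise ValueError(f"line {lineno}: malformed HSTS entry: {raw!r}")
        try:
            expires = datetime.strptime(stamp[1:-1], TIME_FORMAT)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: bad time stamp in {raw!r}") from exc
        entries.append(HstsEntry(
            host=host.lstrip(".").lower(),
            include_subdomains=host.startswith("."),
            expires=expires.replace(tzinfo=timezone.utc),
        ))
    return entries


def format_hsts_cache(entries):
    """Serialize entries back into the file format (what 'store on close' writes)."""
    lines = ["# constructed sample HSTS cache (comment lines are ignored)"]
    for e in entries:
        prefix = "." if e.include_subdomains else ""
        lines.append(f'{prefix}{e.host} "{e.expires.strftime(TIME_FORMAT)}"')
    return "\n".join(lines) + "\n"


def lookup(entries, hostname, now=None):
    """Return the unexpired entry covering hostname, or None."""
    now = now or datetime.now(timezone.utc)
    hostname = hostname.lower().rstrip(".")
    for e in entries:
        if now >= e.expires:
            continue  # an expired entry no longer forces HTTPS
        if hostname == e.host:
            return e
        if e.include_subdomains and hostname.endswith("." + e.host):
            return e  # dot-prefixed entries also cover subdomains
    return None


def upgrade_url(entries, url, now=None):
    """Rewrite a plain-HTTP URL to HTTPS when the cache says the host is HSTS."""
    parts = urlsplit(url)
    if parts.scheme != "http" or not parts.hostname:
        return url  # only HTTP-only requests are redirected
    if lookup(entries, parts.hostname, now) is None:
        return url
    # RFC 6797 8.3: an explicit port 80 becomes 443 (the default), others stay.
    if parts.port is None or parts.port == 80:
        netloc = parts.hostname
    else:
        netloc = f"{parts.hostname}:{parts.port}"
    return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    cache = parse_hsts_cache(SAMPLE_CACHE)
    for url in ("http://example.com/x?y=1", "http://www.example.com/",
                "http://api.sub.example.org/", "http://expired.test/"):
        print(url, "->", upgrade_url(cache, url, FIXED_NOW))
    print(format_hsts_cache(cache), end="")
```

Two details worth noticing when reading a real cache file: `example.com` without a leading dot does not cover `www.example.com`, and an entry whose time stamp has passed is parsed but has no effect, so a stale file quietly stops protecting hosts until they are visited over HTTPS again and the entry is refreshed.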

## Possible future additions

 - `CURLOPT_HSTS_PRELOAD` - provide a set of HSTS host names to load first
 - ability to save to something else than a file