From: Peter Palfrader <peter@palfrader.org>
Date: Tue, 25 Oct 2016 11:38:26 +0000 (+0200)
Subject: raise max-age for HTTP Public Key Pins from 3 days to 2 weeks
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=9d5afe7f670c75742235c12e24bb87a3d6fb3279;p=mirror%2Fdsa-puppet.git

raise max-age for HTTP Public Key Pins from 3 days to 2 weeks
---

diff --git a/modules/apache2/templates/ssl-key-pins.erb b/modules/apache2/templates/ssl-key-pins.erb
index ec5d1ec45..8f096b19c 100644
--- a/modules/apache2/templates/ssl-key-pins.erb
+++ b/modules/apache2/templates/ssl-key-pins.erb
@@ -23,7 +23,7 @@
     res << "<Macro http-pkp-#{site}>"
     if pin_info.size >= 2 then
       pin_info = pin_info.map{ |x| x.gsub('"', '\"') }
-      pin_info << "max-age=259200"
+      pin_info << "max-age=1209600"
       pin_str = pin_info.join("; ")
       res << "  Header always set Public-Key-Pins \"#{pin_str}\""
     else