From: Peter Palfrader <peter@palfrader.org>
Date: Sat, 3 Dec 2016 09:38:13 +0000 (+0100)
Subject: raise HPKP timeout from 14 days to 60
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=c24d1e8183da7ca7317dbdb5bdb5262200ec7491;p=mirror%2Fdsa-puppet.git

raise HPKP timeout from 14 days to 60
---

diff --git a/modules/apache2/templates/ssl-key-pins.erb b/modules/apache2/templates/ssl-key-pins.erb
index 8f096b19c..7e891a293 100644
--- a/modules/apache2/templates/ssl-key-pins.erb
+++ b/modules/apache2/templates/ssl-key-pins.erb
@@ -23,7 +23,8 @@
     res << "<Macro http-pkp-#{site}>"
     if pin_info.size >= 2 then
       pin_info = pin_info.map{ |x| x.gsub('"', '\"') }
-      pin_info << "max-age=1209600"
+      # 60 days
+      pin_info << "max-age=5184000"
       pin_str = pin_info.join("; ")
       res << "  Header always set Public-Key-Pins \"#{pin_str}\""
     else