by butsch
10. June 2015 17:21
Microsoft enables Strict Transport Security in Windows 7 and 8.1 with Internet Explorer 11
Patch: Update KB3058515 (MS15-056)
For: Internet Explorer 11 ONLY
What for: Will make a pseudo SSL connection if Website supports and ONLY on second visit.
With the Microsoft July Update KB3058515 (MS15-056) Microsoft finally activates HSTS under IE11. This was planned for Window 10 now on Window 7 and 8.1. Since 2013 this was a wish from certain customers.
https://connect.microsoft.com/IE/feedback/details/793747/ie11-feature-request-support-for-the-strict-transport-security-header
Some points to know.
- Die Site muss auf der anderen Seite HSTS aktiviert sein / Die website has to activated for HSTS Server side (See the secure net paper on how to do that)
- Erst beim zweiten Besuch der Site nützt es was / Only after the second contact to the website this will be active
- Keep in mind that Browser performance MAY be hit. See the First presentation in the Link for related info to that.
- Alle US-Behörden ab sofort nur noch https (Nach den Hacks von Ende 2014)
http://www.internet2.edu/presentations/fall11/20111004-stsauver-hsts-performance.pdf
http://tech.slashdot.org/story/15/06/09/2219211/internet-explorer-11-gains-http-strict-transport-security-in-windows-7-and-81
https://www.securenet.de/fileadmin/papers/HTTP_Strict_Transport_Security_HSTS_Whitepaper.pdf
http://caniuse.com/#feat=stricttransportsecurity
https://status.modern.ie/httpstricttransportsecurityhsts
https://support.microsoft.com/de-de/kb/3058515
See our IE11 Deployment Links:
http://www.butsch.ch/post/IE11-IEAK-11-Setup-9-PRE-Deployment-Patches-2b-1-Hotfix.aspx
http://www.butsch.ch/post/Internet-Explorer-911-GPO-old-IE9-not-visible-WMI-checks.aspx
5b2e91a8-6e5f-4abc-85be-2ddaa31e0591|0|.0|27604f05-86ad-47ef-9e05-950bb762570c
Tags: