Setting the max-age value for HSTS in seconds


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT v7.4.11 and later

DISCUSSION

The HTTP Strict Transport Security header informs the browser that it should never load a site using HTTP and should automatically convert all attempts to access the site using HTTP to HTTPS requests instead. Each time the Strict Transport Security header is delivered to the browser, the browser updates the expiration time for that site, so sites can refresh this information and prevent the timeout from expiring.

EFT v8.0 and later store Advanced Properties in a JSON file. When you upgrade from EFT v7.4.x to EFT v8, the non-default settings that you have defined in the registry are added to the Advanced Properties file during the upgrade. (Default settings become part of the EFT configuration files.) For more on how to use advanced properties, and a spreadsheet of the advanced properties, please refer to the "Advanced Properties" topic in the help for your version of EFT.

  • HSTS requires HTTPS to be enabled.
  • In EFT Express, HSTS requires the HTTPS module.
  • In v7.4.11, HSTS requires the Advanced/Express Security Module.
  • In v7.4.13, the security modules are not required.

Some clients would like to modify the HTTP Strict Transport Security (HSTS) value to conform to their security best practices or recommendations. The registry setting below is used to set the max-age value for HSTS in seconds. When the Web Transfer Client sends the Strict Transport Security header, the max-age parameter should be set to the configured value.

In EFT v8 and later:

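Add the name:value pair to the AdvancedProperties.JSON file in EFT's \ProgramData\ directory as described in the "Advanced Properties" topic in the online help for your version of EFT. The value is the number of seconds; the example below uses 31536000 (1 year), the recommended value listed in this article.

{
  "HSTSMaxAge": 31536000
}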

In versions prior to v8.0:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GlobalSCAPE Inc.\EFT Server 7.4\

Type: DWORD

Value name: HSTSMaxAge

Recommended Value: 31536000 (1 year)

Minimum Value: 1

Maximum Value: 63072000

Restart Required: yes

Backup/Restore: yes
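
After the restart, the Strict-Transport-Security header returned over HTTPS can be checked against the configured HSTSMaxAge. The following Python sketch is an added example, not code from EFT or Globalscape; the function names and the sample header values are constructed for illustration, and the bounds are the minimum and maximum listed above.

```python
import re

# Bounds for HSTSMaxAge as listed in this article (seconds).
MIN_AGE, MAX_AGE = 1, 63072000

def parse_hsts(header_value):
    """Parse a Strict-Transport-Security value into {directive: value}.

    Follows RFC 6797 section 6.1: directive names are case-insensitive,
    values may be quoted, and a repeated directive invalidates the header.
    """
    directives = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate empty directives such as a trailing ';'
        name, _, value = part.partition("=")
        name = name.strip().lower()
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # unwrap a quoted-string value
        if name in directives:
            raise ValueError(f"directive repeated: {name}")
        directives[name] = value
    return directives

def check_max_age(header_value, configured):
    """Return a list of problems; an empty list means the header matches."""
    if not MIN_AGE <= configured <= MAX_AGE:
        return [f"configured value {configured} outside {MIN_AGE}..{MAX_AGE}"]
    try:
        directives = parse_hsts(header_value)
    except ValueError as exc:
        return [str(exc)]
    raw = directives.get("max-age")
    if raw is None:
        return ["max-age directive missing"]
    if not re.fullmatch(r"[0-9]+", raw):
        return [f"max-age is not a non-negative integer: {raw!r}"]
    if int(raw) != configured:
        return [f"max-age is {raw}, expected {configured}"]
    return []

# Constructed sample header values, not captured from an EFT server.
if __name__ == "__main__":
    for sample in ("max-age=31536000", 'Max-Age="300"; includeSubDomains',
                   "includeSubDomains", "max-age=1; max-age=31536000"):
        print(repr(sample), "->", check_max_age(sample, 31536000) or "OK")
```

Pass the header value exactly as the server returned it, together with the number of seconds configured for HSTSMaxAge.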