Support of HTTP Strict Transport Security (HSTS) in DLO

book

Article ID: 100060601

calendar_today

Updated On:

Description

Error Message

N/A

Cause

N/A

Resolution

To confirm that HSTS Protocol is enabled in DLO:

Open the C:\Program Files\Veritas\Veritas DLO\IOServer\Tomcat\webapps\DLOServer\WEB-INF\web.xml file on the Edge server
Check that the file has the following entries set as below;

hstsEnabled true hstsMaxAgeSeconds 31536000

If the above entries are not configured or are missing;

Add or amend these values as per the above example.
Save the file.
Restart the Veritas DLO Web Server and Veritas DLO Edge Server services, to ensure the new settings are being used.

Issue/Introduction

Desktop and Laptop Option (DLO) has supported HTTP Strict Transport Security (HSTS) protocol for several versions (since 9.0).
Some security scanners can still identify this as an issue in DLO, where Edge is configured.

Was this article helpful?

thumb_up Yes

thumb_down No

Welcome to "KB Articles"