
HPKP validation

Question asked by Whex on Apr 20, 2015
Latest reply on Oct 21, 2015 by Andrey Arapov

Currently (SSL Server Test v1.15.1), HPKP headers are listed in a site's results.  However, it does not appear that the pinned SHA256 hashes are validated against the site's certificate.  I tested this by setting a pin that I was 90% certain was valid and changing the first couple of characters of the Base64 hash.  With both the valid and invalid base64 values, the SSL Server Test showed the header as bold+green.  Can anyone else confirm this behavior?

Thanks,

Whex
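The check the question asks about, as an added example that is not part of the original post and not SSL Server Test code: it compares each `pin-sha256` value in a `Public-Key-Pins` header against the SHA-256 of the SubjectPublicKeyInfo of the served chain, and shows that a pin with its first two Base64 characters changed is still well-formed but matches nothing. The function names and the SPKI byte strings are assumptions constructed for illustration; in practice the SPKI bytes are the DER-encoded public keys taken from the certificates the server presents.

```python
import base64
import hashlib
import re

def spki_pin(spki_der: bytes) -> str:
    """RFC 7469 pin: Base64 of the SHA-256 digest of the DER SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")

def parse_hpkp(header: str):
    """Return (pins, max_age) from a Public-Key-Pins header value."""
    pins = re.findall(r'pin-sha256\s*=\s*"([^"]*)"', header, flags=re.I)
    m = re.search(r'max-age\s*=\s*"?(\d+)"?', header, flags=re.I)
    return pins, (int(m.group(1)) if m else None)

def well_formed(pin: str) -> bool:
    """Syntax-only check: valid Base64 that decodes to 32 bytes."""
    try:
        return len(base64.b64decode(pin, validate=True)) == 32
    except ValueError:  # binascii.Error is a subclass of ValueError
        return False

def validate_hpkp(header: str, chain_spkis: list) -> dict:
    """Check the header's pins against the SPKIs of the served chain."""
    pins, max_age = parse_hpkp(header)
    chain_pins = {spki_pin(s) for s in chain_spkis}
    good = [p for p in pins if well_formed(p)]
    matched = [p for p in good if p in chain_pins]
    backup = [p for p in good if p not in chain_pins]
    return {
        "malformed": [p for p in pins if not well_formed(p)],
        "matched": matched,
        "backup": backup,
        # RFC 7469: max-age, a pin matching the chain, and a backup pin that does not
        "valid": max_age is not None and bool(matched) and bool(backup),
    }

# Constructed stand-ins for DER SubjectPublicKeyInfo bytes (not real keys).
LEAF_SPKI = b"constructed-leaf-spki"
BACKUP_SPKI = b"constructed-offline-backup-spki"

def tamper(pin: str) -> str:
    """Change the first two Base64 characters, as in the test described in the post."""
    return "".join("B" if c == "A" else "A" for c in pin[:2]) + pin[2:]

def build_header(leaf_pin: str) -> str:
    """Constructed header: one pin for the leaf, one backup pin, and max-age."""
    return (f'pin-sha256="{leaf_pin}"; pin-sha256="{spki_pin(BACKUP_SPKI)}"; '
            'max-age=5184000; includeSubDomains')
```

The tampered pin passes `well_formed()` because it is still 32 bytes of valid Base64, so only the comparison against the chain distinguishes it from the real one.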
