[oxhe-announce] Introduction of HSTS for Open-Xchange Webservices

Open-Xchange Hosting Edition Maintenance Announcements oxhe-announce at open-xchange.com
Thu Dec 15 15:47:46 CET 2022


Dear Customers of Open-Xchange,

Open-Xchange will roll out HTTP Strict Transport Security (HSTS) for its web services at open-xchange.com on 2023-06-01. This mechanism will further improve the security of connections and mitigate potential downgrade attacks. It enforces that HTTP clients use HTTPS rather than the unencrypted and unauthenticated version of this protocol. We further intend to use HSTS preloading, which means clients will use HTTPS straight away and will not attempt to use HTTP.
 
While this does not have any negative impact in general, we would like to raise awareness of potential edge cases that require your attention. As an Open-Xchange customer, you are using our software repositories at https://software.open-xchange.com/. This service will also use HSTS, and we identified potential connectivity issues in case the repository lists or mirrors on your end refer to plain HTTP. We have already updated the documentation to use HTTPS exclusively, but there may be cases where environments have been set up before that.
 
Please verify that all references to our software repositories, your egress network filtering and package managers are enabled to use HTTPS.

- For DEB-based environments, make sure that the apt-transport-https package is installed and all URLs in /etc/apt/sources.list and /etc/apt/sources.list.d/ use the HTTPS URL scheme
- For RPM-based environments, make sure that all URLs in /etc/yum.repos.d/ use the HTTPS URL scheme

Find more information here:

- https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
- https://www.redhat.com/en/blog/secure-distribution-rpm-packages
- https://manpages.debian.org/stable/apt/apt-transport-https.1.en.html

Best regards,
Your Open-Xchange Team

-------------------------------------------------------------------------------------
Open-Xchange AG, Hohenzollernring 72, 50672 Cologne, District Court Cologne HRB 95366
Managing Board: Andreas Gauger, Dirk Valbert, Frank Hoberg, Stephan Martin
Chairman of the Board: Richard Seibt

European Office:
Open-Xchange GmbH, Olper Huette 5f, D-57462 Olpe, Germany, District Court Siegen, HRB 8718
Managing Director: Manuel Engel

US Office:
Open-Xchange. Inc., 530 Lytton Avenue, Palo Alto, CA 94301, USA
-------------------------------------------------------------------------------------
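
The repository check requested in the announcement, as an added example that is not part of the original message or of Open-Xchange's tooling: a shell function that lists active lines in the apt and yum configuration that still reach software.open-xchange.com over plain HTTP. The function names, the `example/` repository paths and the sample tree are constructed for illustration, and a `grep` with `-r` support (GNU or BSD) is assumed.

```shell
#!/bin/sh
# Added example (not from the announcement): list plain-HTTP references to the
# Open-Xchange repository host in apt and yum configuration.
OX_HOST_RE='software\.open-xchange\.com'

# find_http_ox_refs [ROOT]
# Prints "file:line:text" for each active line that reaches the host over
# http://. ROOT defaults to the real filesystem root; another directory can be
# given to audit a copied or constructed configuration tree.
find_http_ox_refs() {
    root="${1:-}"
    for path in "$root/etc/apt/sources.list" \
                "$root/etc/apt/sources.list.d" \
                "$root/etc/yum.repos.d"; do
        [ -e "$path" ] || continue
        # First grep: http:// URLs, with an optional user:password@ prefix.
        # Second grep: drop lines whose content starts with a comment marker.
        grep -rnHiE "http://([^/[:space:]]*@)?$OX_HOST_RE" "$path" 2>/dev/null |
            grep -vE '^[^:]*:[0-9]+:[[:space:]]*[#;]' || true
    done
}

# make_sample_tree: builds a CONSTRUCTED configuration tree (the example/
# paths and USER:PASS are placeholders) and prints its location.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/apt/sources.list.d" "$t/etc/yum.repos.d"
    cat > "$t/etc/apt/sources.list.d/open-xchange.list" <<'EOF'
deb http://software.open-xchange.com/example/path/ /
deb https://software.open-xchange.com/example/updates/ /
# deb http://software.open-xchange.com/example/old/ /
EOF
    cat > "$t/etc/yum.repos.d/open-xchange.repo" <<'EOF'
[ox-example]
baseurl=http://USER:PASS@software.open-xchange.com/example/rpm/
EOF
    printf '%s\n' "$t"
}

# Demo on the constructed tree; on a real host call find_http_ox_refs with no argument.
sample=$(make_sample_tree)
find_http_ox_refs "$sample"
rm -rf "$sample"
```

Every line it prints needs its URL changed to `https://`; empty output means no active plain-HTTP reference to the host was found in those locations.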

