HSTS Missing From HTTPS Server (RFC 6797) for several ports in OpenShift

Solution Verified - Updated

Issue

  • HSTS (HTTP Strict Transport Security) is not being enforced on HTTPS servers running on RHOCP nodes.
  • Security scanner reports vulnerability for OCP nodes on ports 10250, 9637 and 5000.
  • Kubelet (ports 9637 and 10250) and internal Image Registry (port 5000) are not enforcing HTTP Strict Transport Security Headers as defined by RFC 6797.
  • Is it possible to enforce HSTS for Kubelet or internal Image Registry?
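The following is an added example, not part of the Red Hat article, for reproducing the scanner finding yourself: it parses a Strict-Transport-Security header value per RFC 6797 and evaluates a set of response headers, using only the Python standard library. The two header sets are constructed samples, not responses captured from a cluster; the `check_endpoint` helper and its `cafile` parameter are assumptions for running the same check live against a port such as 10250 with the cluster CA bundle.

```python
import http.client
import ssl


def parse_hsts(value):
    """Parse an STS header value into a dict, or None if malformed.

    RFC 6797 section 6.1: directive names are case-insensitive, each
    directive may appear only once, and max-age is required (checked by
    the caller). A valueless directive (includeSubDomains) maps to True.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, raw = part.partition("=")
        name = name.strip().lower()
        if name in directives:
            return None  # duplicate directive: field does not conform
        directives[name] = raw.strip().strip('"') if raw else True
    return directives


def evaluate_hsts(headers):
    """Return (enforced, reason) for a list of (name, value) response headers."""
    # RFC 6797 section 8.1: only the first STS header field is processed.
    values = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not values:
        return False, "no Strict-Transport-Security header"
    d = parse_hsts(values[0])
    if d is None or "max-age" not in d or not str(d["max-age"]).isdigit():
        return False, "malformed header or max-age missing"
    if int(d["max-age"]) == 0:
        return False, "max-age=0 tells clients to forget the host"
    return True, "max-age=%s" % d["max-age"]


def check_endpoint(host, port, cafile=None):
    """Live check (assumed helper): HEAD / over TLS, verified against cafile."""
    ctx = ssl.create_default_context(cafile=cafile)
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=5)
    conn.request("HEAD", "/")
    return evaluate_hsts(conn.getresponse().getheaders())


# Constructed sample header sets (not captured from a real node).
KUBELET_LIKE = [("Content-Type", "text/plain"), ("Date", "Mon, 01 Jan 2024 00:00:00 GMT")]
HARDENED = KUBELET_LIKE + [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]

if __name__ == "__main__":
    for label, hdrs in (("kubelet-like", KUBELET_LIKE), ("hardened", HARDENED)):
        print(label, evaluate_hsts(hdrs))
```

Note that a passing result only shows the header is present; whether the kubelet or the internal registry can be configured to send it is the question the article addresses.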

Environment

  • Red Hat OpenShift Container Platform (RHOCP)
    • 4
  • HTTP Strict Transport Security (HSTS)
