Strict transport security off

beaglebone.txt

@@ -2546,7 +2546,10 @@ server {
     ssl_prefer_server_ciphers on;
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # not possible to do exclusive
     ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
-    add_header Strict-Transport-Security max-age=15768000; # six months
+    add_header Strict-Transport-Security "max-age=0;";
+    # Only uncomment one of the Strict-Transport-Security entries if you are
+    # not using a self-signed certificate
+    # add_header Strict-Transport-Security max-age=15768000; # six months
     # use this only if all subdomains support HTTPS!
     # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
 
@@ -4987,9 +4990,12 @@ server {
     ssl_prefer_server_ciphers on;
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # not possible to do exclusive
     ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
-    #add_header Strict-Transport-Security max-age=15768000; # six months
+    add_header Strict-Transport-Security "max-age=0;";
+    # Only uncomment one of the Strict-Transport-Security entries if you are
+    # not using a self-signed certificate
+    # add_header Strict-Transport-Security max-age=15768000; # six months
     # use this only if all subdomains support HTTPS!
-    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
+    # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
 
     client_max_body_size 6m;
 
@@ -5527,7 +5533,10 @@ server {
     ssl_prefer_server_ciphers on;
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # not possible to do exclusive
     ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
-    add_header Strict-Transport-Security max-age=15768000; # six months
+    add_header Strict-Transport-Security "max-age=0;";
+    # Only uncomment one of the Strict-Transport-Security entries if you are
+    # not using a self-signed certificate
+    # add_header Strict-Transport-Security max-age=15768000; # six months
     # use this only if all subdomains support HTTPS!
     # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
 
@@ -7212,9 +7221,12 @@ server {
     ssl_prefer_server_ciphers on;
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # not possible to do exclusive
     ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
-    #add_header Strict-Transport-Security max-age=15768000; # six months
+    add_header Strict-Transport-Security "max-age=0;";
+    # Only uncomment one of the Strict-Transport-Security entries if you are
+    # not using a self-signed certificate
+    # add_header Strict-Transport-Security max-age=15768000; # six months
     # use this only if all subdomains support HTTPS!
-    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
+    # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
 
     client_max_body_size 6m;