Disable http port and TLS 1.0 on glassfish

Description

Http port and TLS 1.0 are enabled on glassfish. Should add a way to disable them when installing in production mode. Use HTTP Strict-Transport-Security response header this ‌lets a web site tell browsers that it should only be accessed using HTTPS. Glassfish discloses its supported HTTP methods (OPTIONS Disclosure). Set X-Content-Type-Options: nosniff header to all responses.

Assignee

Fabio Buso

Reporter

Ermias Gebremeskel

Labels

Fix versions

Affects versions

Priority

Highest
Configure