Guest

Preview Tool

Cisco Bug: CSCvs84384 - ECE 11.6 ES8 Release notes missing Strict Transport Security recommended settings

Last Modified

May 29, 2020

Products (1)

  • Cisco Enterprise Chat and Email

Known Affected Releases

11.6(1)ES8

Description (partial)

Symptom:
ECE 11.6 ES8 will take affect if the below settings are in place as per Egain support 
So, Add these to release notes for ES8 

 it confirmed that the configurations to incorporate these HTTP response headers need to be manually performed against IIS with below details. Thereby, please have customer/partner add the 'Strict-Transport-Security' HTTP response header against the website hosting the ECE application (if not custom, the web would be 'Default WebSite').

For Strict Transport Security response header, below are details:

Name ? Strict Transport Security
Value ? 'max-age=31536000'
Entry Type ? 'Local'
For further response headers, please refer the screen-shot as a part of earlier email for specific values and entry type. Re-attaching the image herewith again.

Now, having discussed this further with our Products teams, it was confirmed that there were potential issues identified (during internal testing/validations) post enabling of these HTTP response headers which has been fixed and addressed through ES8. Thereby, as a part of ES8, the failing scenarios identified with these response headers enabled have been identified to be functioning as expected.

Conditions:
ES8 unable to resolve issue without these settings
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.