Firefox's SiteSecurityServiceState.txt file (located in the profile folder) records the HSTS times and HPKP expiry times and pins. There are multiple columns, and I don't know what they represent:

An example HSTS entry:

api.github.com:HSTS 74  17087   1507520108719,1,1

and example HPKP entry:

github.com:HPKP 78  17087   1481557619233,1,1,WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=RRM1dGqnDFsCJXBTHky16vi1obOlCgFFn/yOhI/y+ho=k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q=IQBnNBEiFuhj+8x6X8XLgh01V9Ic5/V3IRQLNFFc7v4=iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=LvRiGEjRqfzurezaWuj8Wie2gyHMrW5Q06LspMnox7A=

The last column there is clearly all the SHA-256 hashes (pins), but what are the other columns? Clearly, one of them is probably a TTL, but which?

Geremia
  • Unfortunately, this is off topic here. The internal workings of a particular software package are a great question for the vendor. – schroeder Oct 14 '16 at 06:40
  • Maybe the question could fit on superuser? FWIW, I was wondering about the purpose of the columns when I wanted to add an HSTS entry manually for a site that does not use HSTS (since I wanted HSTS behavior there). – ThiefMaster Oct 14 '16 at 14:32

1 Answer

1507520108719,1,1

The first number is the expiry timestamp in milliseconds. Divide by 1000 to get a normal unix timestamp.

The second one is the HSTS state, which can be "unset" (0), "set" (1) or "knockout" (2, overrides HSTS preload information as "no HSTS information available").

The third one indicates whether subdomains are included or not.

Source: https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/nsSiteSecurityService.cpp#50

ThiefMaster
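The column layout the answer describes (expiry in milliseconds, state code, include-subdomains flag, and for HPKP a run of base64 SHA-256 pins) is simple enough to parse. The following is an added example, not code from the question, the answer, or Mozilla: it parses the two sample lines quoted in the question and decodes only the fields the answer explains. The two integer columns whose meaning the question leaves open are kept as raw integers (`col2`, `col3`) rather than guessed at. The pin column is split on the assumption that each pin is a base64-encoded 32-byte digest (43 base64 characters plus one `=`), which is what the sample shows, and each pin is checked to decode to 32 bytes so a truncated or hand-edited line is rejected instead of silently misread.

```python
import base64
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional

# Constructed sample input: the two lines quoted in the question above.
SAMPLE_FILE = """\
api.github.com:HSTS 74  17087   1507520108719,1,1
github.com:HPKP 78  17087   1481557619233,1,1,WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=RRM1dGqnDFsCJXBTHky16vi1obOlCgFFn/yOhI/y+ho=k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q=IQBnNBEiFuhj+8x6X8XLgh01V9Ic5/V3IRQLNFFc7v4=iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=LvRiGEjRqfzurezaWuj8Wie2gyHMrW5Q06LspMnox7A=
"""

# State codes as described in the answer.
STATE_NAMES = {0: "unset", 1: "set", 2: "knockout"}

# Assumption: every pin is base64 of a 32-byte SHA-256 digest, i.e. 43 base64
# characters followed by exactly one "=" pad, so the concatenated pin column can
# be split apart without any separator.
PIN_RE = re.compile(r"[A-Za-z0-9+/]{43}=")


@dataclass
class SiteSecurityEntry:
    host: str
    kind: str                      # "HSTS" or "HPKP"
    col2: int                      # integer column the question does not explain; kept raw
    col3: int                      # integer column the question does not explain; kept raw
    expiry_ms: int                 # first field: expiry as a millisecond unix timestamp
    state: int                     # second field: 0 unset, 1 set, 2 knockout
    include_subdomains: bool       # third field: whether subdomains are covered
    pins: List[str] = field(default_factory=list)  # HPKP only

    @property
    def state_name(self) -> str:
        return STATE_NAMES.get(self.state, f"unknown({self.state})")

    @property
    def expiry(self) -> datetime:
        # Divide by 1000 to get a normal unix timestamp, as the answer says.
        return datetime.fromtimestamp(self.expiry_ms / 1000, tz=timezone.utc)

    def is_expired(self, now_ms: int) -> bool:
        return now_ms >= self.expiry_ms


def parse_pins(blob: str) -> List[str]:
    """Split the concatenated pin column into individual base64 digests."""
    pins = PIN_RE.findall(blob)
    # If the pieces do not re-join to the original, something was not a pin.
    if "".join(pins) != blob:
        raise ValueError(f"pin column is not a run of base64 SHA-256 digests: {blob!r}")
    for pin in pins:
        if len(base64.b64decode(pin, validate=True)) != 32:
            raise ValueError(f"pin does not decode to 32 bytes: {pin}")
    return pins


def parse_line(line: str) -> Optional[SiteSecurityEntry]:
    """Parse one SiteSecurityServiceState.txt line; returns None for blank lines."""
    line = line.strip()
    if not line:
        return None
    parts = line.split()
    if len(parts) != 4:
        raise ValueError(f"expected 4 whitespace-separated columns: {line!r}")
    host_kind, col2, col3, state_col = parts
    host, _, kind = host_kind.rpartition(":")
    if kind not in ("HSTS", "HPKP"):
        raise ValueError(f"unknown entry type {kind!r} in {line!r}")
    fields = state_col.split(",")
    if len(fields) < 3 or len(fields) > 4:
        raise ValueError(f"expected 3 or 4 comma-separated state fields: {state_col!r}")
    expiry_ms, state, subdomains = (int(x) for x in fields[:3])
    pins = parse_pins(fields[3]) if len(fields) == 4 else []
    return SiteSecurityEntry(host, kind, int(col2), int(col3),
                             expiry_ms, state, subdomains == 1, pins)


def parse_file(text: str) -> List[SiteSecurityEntry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


if __name__ == "__main__":
    for entry in parse_file(SAMPLE_FILE):
        print(f"{entry.host:16} {entry.kind} expires {entry.expiry:%Y-%m-%d %H:%M:%S}Z "
              f"state={entry.state_name} subdomains={entry.include_subdomains} "
              f"pins={len(entry.pins)}")
```

Running it against the sample shows the api.github.com HSTS entry expiring on 2017-10-09 with state "set" and subdomains included, and the github.com HPKP entry carrying seven pins. Because the parser refuses lines whose pin column does not round-trip, it is also a cheap sanity check before editing the file by hand, as ThiefMaster's comment describes doing.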