Abstract: A server receives a request from a client to establish a secure session. The server analyzes the request to determine a set of one or more properties of the request. The server selects, based at least in part on the determined set of properties, one of multiple certificates for a hostname of the server, where each of the certificates is signed using a different signature and hash algorithm pair. The server returns the selected certificate to the client.

Abstract: A server receives a request from a client to establish a secure session. The server analyzes the request to determine a set of one or more properties of the request. The server selects, based at least in part on the determined set of properties, one of multiple certificates for a hostname of the server, where each of the certificates is signed using a different signature and hash algorithm pair. The server returns the selected certificate to the client.

Abstract: A server receives a request from a client to establish a secure session. The server analyzes the request to determine a set of one or more properties of the request. The server selects, based at least in part on the determined set of properties, one of multiple certificates for a hostname of the server, where each of the certificates is signed using a different signature and hash algorithm pair. The server returns the selected certificate to the client.

Abstract: A method and apparatus for enabling an HSTS policy for a subdomain of a domain is described. A request for content at a subdomain of a domain is received at a proxy server from a client device over a secure transport. The proxy server determines whether the subdomain is associated with a rule indicating that Hypertext Transport Protocol Strict Transport Security (HSTS) is to be enabled for the subdomain of the domain. Responsive to determining that the subdomain is associated with the rule, the proxy server transmits, to the client device, a first response that includes an HSTS header and which instructs the client device to communicate only over the secure transport for requests for content at the subdomain, wherein the first response includes the HSTS header regardless of whether HSTS has been enabled for the subdomain at an origin server.

Abstract: A method and apparatus for enabling an HSTS policy for a subdomain of a domain is described. A request for content at a subdomain of a domain is received at a proxy server from a client device over a secure transport. The proxy server determines whether the subdomain is associated with a rule indicating that Hypertext Transport Protocol Strict Transport Security (HSTS) is to be enabled for the subdomain of the domain. Responsive to determining that the subdomain is associated with the rule, the proxy server transmits, to the client device, a first response that includes an HSTS header and which instructs the client device to communicate only over the secure transport for requests for content at the subdomain, wherein the first response includes the HSTS header regardless of whether HSTS has been enabled for the subdomain at an origin server.

Abstract: A server receives a request from a client to establish a secure session. The server analyzes the request to determine a set of one or more properties of the request. The server selects, based at least in part on the determined set of properties, one of multiple certificates for a hostname of the server, where each of the certificates is signed using a different signature and hash algorithm pair. The server returns the selected certificate to the client.