Add a header to HTTP response over SIP TLS channel for HSTS compliance in Lync Server 2013


Microsoft Lync Server 2013 provides minimal support for HTTP clients that incorrectly connect to a SIP listening port because the Lync Server uses port 443 for client connections in the service topologies. After you apply this update, the Lync Server will include a Strict-Transport-Security header in the path where it returns any HTTP response and the underlying connection is TLS.

Note HTTP Strict Transport Security (HSTS) is an Internet Engineering Task Force (IETF) standard-compliant security feature in the header to help users connect to secure sites in a secure way, and prevent some attacks.

How to get this update

To get this update, install the July 2018 cumulative update 5.0.8308.1001 for Lync Server 2013, Front End Server and Edge Server.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.