ΠΠ΄ΠΈΠ½ ΠΎΡ Π½Π°ΠΉ-Π΄ΠΎΠ±ΡΠΈΡΠ΅ ΡΠ°ΠΉΡΠΎΠ²Π΅ Π½Π° Alexa (ΡΠ΅Π½ΡΡΠ°Π»Π΅Π½ ΠΊΡΡΠ³), Π·Π°ΡΠΈΡΠ΅Π½ Ρ HTTPS, Ρ ΠΏΠΎΠ΄Π΄ΠΎΠΌΠ΅ΠΉΠ½ΠΈ (ΡΠΈΠ²ΠΈ) ΠΈ Π·Π°Π²ΠΈΡΠΈΠΌΠΎΡΡΠΈ (Π±Π΅Π»ΠΈ), ΡΡΠ΅Π΄ ΠΊΠΎΠΈΡΠΎ ΠΈΠΌΠ° ΡΡΠ·Π²ΠΈΠΌΠΈ (ΠΏΡΠ½ΠΊΡΠΈΡΠ°Π½ΠΎ Π·Π°ΡΠ΅Π½ΡΠ²Π°Π½Π΅)
ΠΠ½Π΅Ρ ΠΈΠΊΠΎΠ½Π°ΡΠ° Π·Π° Π·Π°ΡΠΈΡΠ΅Π½Π° HTTPS Π²ΡΡΠ·ΠΊΠ° ΡΠ΅ ΠΏΡΠ΅Π²ΡΡΠ½Π° Π² ΡΡΠ°Π½Π΄Π°ΡΡ ΠΈ Π΄ΠΎΡΠΈ Π½Π΅ΠΎΠ±Ρ
ΠΎΠ΄ΠΈΠΌ Π°ΡΡΠΈΠ±ΡΡ Π½Π° Π²ΡΠ΅ΠΊΠΈ ΡΠ΅ΡΠΈΠΎΠ·Π΅Π½ ΡΠ°ΠΉΡ. ΠΠΊΠΎ
ΠΠΎ ΡΠ΅ ΠΎΠΊΠ°Π·Π²Π°, ΡΠ΅ Π½Π°Π»ΠΈΡΠΈΠ΅ΡΠΎ Π½Π° "Π·Π°ΠΊΠ»ΡΡΠ²Π°Π½Π΅" Π² Π°Π΄ΡΠ΅ΡΠ½Π°ΡΠ° Π»Π΅Π½ΡΠ° Π½Π΅ Π²ΠΈΠ½Π°Π³ΠΈ Π³Π°ΡΠ°Π½ΡΠΈΡΠ° Π·Π°ΡΠΈΡΠ°.
Π Π΅Π·ΡΠ»ΡΠ°ΡΠΈ ΠΎΡ ΠΏΡΠΎΡΡΠ²Π°Π½Π΅ΡΠΎ
ΠΠ·ΡΠ»Π΅Π΄Π²Π°Π½Π΅ΡΠΎ Π΅ ΠΏΡΠΎΠ²Π΅Π΄Π΅Π½ΠΎ ΠΎΡ Π΅ΠΊΡΠΏΠ΅ΡΡΠΈ ΠΎΡ ΠΠ΅Π½Π΅ΡΠΈΠ°Π½ΡΠΊΠΈΡ ΡΠ½ΠΈΠ²Π΅ΡΡΠΈΡΠ΅Ρ Ca' Foscari (ΠΡΠ°Π»ΠΈΡ) ΠΈ ΠΠΈΠ΅Π½ΡΠΊΠΈΡ ΡΠ΅Ρ Π½ΠΈΡΠ΅ΡΠΊΠΈ ΡΠ½ΠΈΠ²Π΅ΡΡΠΈΡΠ΅Ρ. Π’Π΅ ΡΠ΅ ΠΏΡΠ΅Π΄ΡΡΠ°Π²ΡΡ ΠΏΠΎΠ΄ΡΠΎΠ±Π΅Π½ Π΄ΠΎΠΊΠ»Π°Π΄ Π½Π° 40-ΠΈΡ ΡΠΈΠΌΠΏΠΎΠ·ΠΈΡΠΌ Π½Π° IEEE Π·Π° ΡΠΈΠ³ΡΡΠ½ΠΎΡΡ ΠΈ ΠΏΠΎΠ²Π΅ΡΠΈΡΠ΅Π»Π½ΠΎΡΡ, ΠΊΠΎΠΉΡΠΎ ΡΠ΅ ΡΠ΅ ΠΏΡΠΎΠ²Π΅Π΄Π΅ Π½Π° 20-22 ΠΌΠ°ΠΉ 2019 Π³. Π² Π‘Π°Π½ Π€ΡΠ°Π½ΡΠΈΡΠΊΠΎ.
ΠΡΡ Π° ΡΠ΅ΡΡΠ²Π°Π½ΠΈ Π½Π°ΠΉ-Π΄ΠΎΠ±ΡΠΈΡΠ΅ 10 000 HTTPS ΡΠ°ΠΉΡΠΎΠ²Π΅ Π² ΡΠΏΠΈΡΡΠΊΠ° Π½Π° Alexa ΠΈ 90 816 ΡΠ²ΡΡΠ·Π°Π½ΠΈ Ρ ΠΎΡΡΠ°. Π£ΡΠ·Π²ΠΈΠΌΠΈ ΠΊΡΠΈΠΏΡΠΎΠ³ΡΠ°ΡΡΠΊΠΈ ΠΊΠΎΠ½ΡΠΈΠ³ΡΡΠ°ΡΠΈΠΈ Π±ΡΡ Π° ΠΎΡΠΊΡΠΈΡΠΈ Π½Π° 5574 Ρ ΠΎΡΡΠ°, ΡΠΎΠ΅ΡΡ ΠΏΡΠΈΠ±Π»ΠΈΠ·ΠΈΡΠ΅Π»Π½ΠΎ 5,5% ΠΎΡ ΠΎΠ±ΡΠΈΡ Π±ΡΠΎΠΉ:
- 4818 ΡΡΠ·Π²ΠΈΠΌ ΠΊΡΠΌ MITM
- 733 ΡΠ° ΡΡΠ·Π²ΠΈΠΌΠΈ ΠΊΡΠΌ ΠΏΡΠ»Π½ΠΎ TLS Π΄Π΅ΡΠΈΡΡΠΈΡΠ°Π½Π΅
- 912 ΡΠ° ΡΡΠ·Π²ΠΈΠΌΠΈ ΠΊΡΠΌ ΡΠ°ΡΡΠΈΡΠ½ΠΎ TLS Π΄Π΅ΠΊΡΠΈΠΏΡΠΈΡΠ°Π½Π΅
898 ΡΠ°ΠΉΡΠ° ΡΠ° Π½Π°ΠΏΡΠ»Π½ΠΎ ΠΎΡΠ²ΠΎΡΠ΅Π½ΠΈ Π·Π° Ρ Π°ΠΊΠ²Π°Π½Π΅, ΡΠΎΠ΅ΡΡ ΡΠ΅ ΠΏΠΎΠ·Π²ΠΎΠ»ΡΠ²Π°Ρ ΠΈΠ½ΠΆΠ΅ΠΊΡΠΈΡΠ°Π½Π΅ Π½Π° ΡΠΊΡΠΈΠΏΡΠΎΠ²Π΅ Π½Π° ΡΡΠ΅ΡΠΈ ΡΡΡΠ°Π½ΠΈ, Π° 977 ΡΠ°ΠΉΡΠ° Π·Π°ΡΠ΅ΠΆΠ΄Π°Ρ ΡΡΠ΄ΡΡΠΆΠ°Π½ΠΈΠ΅ ΠΎΡ ΡΠ»Π°Π±ΠΎ Π·Π°ΡΠΈΡΠ΅Π½ΠΈ ΡΡΡΠ°Π½ΠΈΡΠΈ, Ρ ΠΊΠΎΠΈΡΠΎ Π½Π°ΠΏΠ°Π΄Π°ΡΠ΅Π»ΡΡ ΠΌΠΎΠΆΠ΅ Π΄Π° Π²Π·Π°ΠΈΠΌΠΎΠ΄Π΅ΠΉΡΡΠ²Π°.
ΠΠ·ΡΠ»Π΅Π΄ΠΎΠ²Π°ΡΠ΅Π»ΠΈΡΠ΅ ΠΏΠΎΠ΄ΡΠ΅ΡΡΠ°Π²Π°Ρ, ΡΠ΅ ΡΡΠ΅Π΄ 898 βΠ½Π°ΠΏΡΠ»Π½ΠΎ ΠΊΠΎΠΌΠΏΡΠΎΠΌΠ΅ΡΠΈΡΠ°Π½ΠΈβ ΡΠ΅ΡΡΡΡΠΈ ΡΠ° ΠΎΠ½Π»Π°ΠΉΠ½ ΠΌΠ°Π³Π°Π·ΠΈΠ½ΠΈ, ΡΠΈΠ½Π°Π½ΡΠΎΠ²ΠΈ ΡΡΠ»ΡΠ³ΠΈ ΠΈ Π΄ΡΡΠ³ΠΈ Π³ΠΎΠ»Π΅ΠΌΠΈ ΡΠ°ΠΉΡΠΎΠ²Π΅. 660 ΠΎΡ 898 ΡΠ°ΠΉΡΠ° ΠΈΠ·ΡΠ΅Π³Π»ΡΡ Π²ΡΠ½ΡΠ½ΠΈ ΡΠΊΡΠΈΠΏΡΠΎΠ²Π΅ ΠΎΡ ΡΡΠ·Π²ΠΈΠΌΠΈ Ρ ΠΎΡΡΠΎΠ²Π΅: ΡΠΎΠ²Π° Π΅ ΠΎΡΠ½ΠΎΠ²Π½ΠΈΡΡ ΠΈΠ·ΡΠΎΡΠ½ΠΈΠΊ Π½Π° ΠΎΠΏΠ°ΡΠ½ΠΎΡΡ. Π‘ΠΏΠΎΡΠ΅Π΄ Π°Π²ΡΠΎΡΠΈΡΠ΅ ΡΠ»ΠΎΠΆΠ½ΠΎΡΡΡΠ° Π½Π° ΡΡΠ²ΡΠ΅ΠΌΠ΅Π½Π½ΠΈΡΠ΅ ΡΠ΅Π± ΠΏΡΠΈΠ»ΠΎΠΆΠ΅Π½ΠΈΡ Π·Π½Π°ΡΠΈΡΠ΅Π»Π½ΠΎ ΡΠ²Π΅Π»ΠΈΡΠ°Π²Π° ΠΏΠΎΠ²ΡΡΡ Π½ΠΎΡΡΡΠ° Π·Π° Π°ΡΠ°ΠΊΠ°.
ΠΡΠΊΡΠΈΡΠΈ ΡΠ° ΠΈ Π΄ΡΡΠ³ΠΈ ΠΏΡΠΎΠ±Π»Π΅ΠΌΠΈ: 10% ΠΎΡ ΡΠΎΡΠΌΡΠ»ΡΡΠΈΡΠ΅ Π·Π° ΠΎΡΠΎΡΠΈΠ·Π°ΡΠΈΡ ΠΈΠΌΠ°Ρ ΠΏΡΠΎΠ±Π»Π΅ΠΌΠΈ ΡΡΡ ΡΠΈΠ³ΡΡΠ½ΠΎΡΠΎ ΠΏΡΠ΅Π΄Π°Π²Π°Π½Π΅ Π½Π° ΠΈΠ½ΡΠΎΡΠΌΠ°ΡΠΈΡ, ΠΊΠΎΠ΅ΡΠΎ Π·Π°ΠΏΠ»Π°ΡΠ²Π° Ρ ΠΈΠ·ΡΠΈΡΠ°Π½Π΅ Π½Π° ΠΏΠ°ΡΠΎΠ»ΠΈ, 412 ΡΠ°ΠΉΡΠ° ΠΏΠΎΠ·Π²ΠΎΠ»ΡΠ²Π°Ρ ΠΏΡΠΈΡ Π²Π°ΡΠ°Π½Π΅ Π½Π° Π±ΠΈΡΠΊΠ²ΠΈΡΠΊΠΈ ΠΈ ΠΎΡΠ²Π»ΠΈΡΠ°Π½Π΅ Π½Π° ΡΠ΅ΡΠΈΠΈ, Π° 543 ΡΠ°ΠΉΡΠ° ΡΠ° ΠΎΠ±Π΅ΠΊΡ Π½Π° Π°ΡΠ°ΠΊΠΈ ΡΡΠ΅ΡΡ ΡΠ΅Π»ΠΎΡΡΡΠ° Π½Π° Π±ΠΈΡΠΊΠ²ΠΈΡΠΊΠΈΡΠ΅ (ΡΡΠ΅Π· ΠΏΠΎΠ΄Π΄ΠΎΠΌΠ΅ΠΉΠ½ΠΈ) .
ΠΡΠΎΠ±Π»Π΅ΠΌΡΡ Π΅, ΡΠ΅ ΠΏΡΠ΅Π· ΠΏΠΎΡΠ»Π΅Π΄Π½ΠΈΡΠ΅ Π³ΠΎΠ΄ΠΈΠ½ΠΈ Π² SSL / TLS ΠΏΡΠΎΡΠΎΠΊΠΎΠ»ΠΈΡΠ΅ ΠΈ ΡΠΎΡΡΡΠ΅ΡΠ°
ΠΡΠ΅ΠΏΠΎΡΡΡΠΈΡΠ΅Π»Π½ΠΈ Π½Π°ΡΡΡΠΎΠΉΠΊΠΈ
ΠΡΠΌΠ° Π½ΠΈΡΠΎ Π΅Π΄ΠΈΠ½ ΠΎΡΠΈΡΠΈΠ°Π»Π½ΠΎ ΠΎΠ΄ΠΎΠ±ΡΠ΅Π½ ΠΈ ΡΡΠ³Π»Π°ΡΡΠ²Π°Π½ ΡΠΏΠΈΡΡΠΊ Ρ ΠΏΡΠ΅ΠΏΠΎΡΡΡΠΈΡΠ΅Π»Π½ΠΈ HTTPS Π½Π°ΡΡΡΠΎΠΉΠΊΠΈ. Π’Π°ΠΊΠ°,
ΠΠΎΠ΄Π΅ΡΠ΅Π½ ΡΠ΅ΠΆΠΈΠΌ
ΠΠ°ΠΉ-ΡΡΠ°ΡΠΈΡΠ΅ ΠΏΠΎΠ΄Π΄ΡΡΠΆΠ°Π½ΠΈ ΠΊΠ»ΠΈΠ΅Π½ΡΠΈ: Firefox 27, Chrome 30, IE 11 Π½Π° Windows 7, Edge, Opera 17, Safari 9, Android 5.0 ΠΈ Java 8
server {
listen 80 default_server;
listen [::]:80 default_server;
# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# modern configuration. tweak to your needs.
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
## verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
resolver <IP DNS resolver>;
....
}
Π‘ΡΠ΅Π΄Π½Π° ΠΏΠΎΠ΄Π΄ΡΡΠΆΠΊΠ°
ΠΠ°ΠΉ-ΡΡΠ°ΡΠΈΡΠ΅ ΠΏΠΎΠ΄Π΄ΡΡΠΆΠ°Π½ΠΈ ΠΊΠ»ΠΈΠ΅Π½ΡΠΈ: Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3, Java 7
server {
listen 80 default_server;
listen [::]:80 default_server;
# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /path/to/dhparam.pem;
# intermediate configuration. tweak to your needs.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
## verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
resolver <IP DNS resolver>;
....
}
Π‘ΡΠ°ΡΠ° ΠΏΠΎΠ΄Π΄ΡΡΠΆΠΊΠ°
ΠΠ°ΠΉ-ΡΡΠ°ΡΠΈΡΠ΅ ΠΏΠΎΠ΄Π΄ΡΡΠΆΠ°Π½ΠΈ ΠΊΠ»ΠΈΠ΅Π½ΡΠΈ: Windows XP IE6, Java 6
server {
listen 80 default_server;
listen [::]:80 default_server;
# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /path/to/dhparam.pem;
# old configuration. tweak to your needs.
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP';
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
## verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
resolver <IP DNS resolver>;
....
}
ΠΡΠ΅ΠΏΠΎΡΡΡΠΈΡΠ΅Π»Π½ΠΎ Π΅ Π²ΠΈΠ½Π°Π³ΠΈ Π΄Π° ΠΈΠ·ΠΏΠΎΠ»Π·Π²Π°ΡΠ΅ ΠΏΡΠ»Π½ΠΈΡ ΠΏΠ°ΠΊΠ΅Ρ Π·Π° ΡΠΈΡΡΠΎΠ²Π°Π½Π΅ ΠΈ Π½Π°ΠΉ-Π½ΠΎΠ²Π°ΡΠ° Π²Π΅ΡΡΠΈΡ Π½Π° OpenSSL. ΠΠ°ΠΊΠ΅ΡΡΡ Π·Π° ΡΠΈΡΡΠΎΠ²Π°Π½Π΅ Π² Π½Π°ΡΡΡΠΎΠΉΠΊΠΈΡΠ΅ Π½Π° ΡΡΡΠ²ΡΡΠ° ΠΎΠΏΡΠ΅Π΄Π΅Π»Ρ ΠΏΡΠΈΠΎΡΠΈΡΠ΅ΡΠ°, Π² ΠΊΠΎΠΉΡΠΎ ΡΠ΅ ΡΠ΅ ΠΈΠ·ΠΏΠΎΠ»Π·Π²Π°Ρ, Π² Π·Π°Π²ΠΈΡΠΈΠΌΠΎΡΡ ΠΎΡ Π½Π°ΡΡΡΠΎΠΉΠΊΠΈΡΠ΅ Π½Π° ΠΊΠ»ΠΈΠ΅Π½ΡΠ°.
ΠΠ·ΡΠ»Π΅Π΄Π²Π°Π½ΠΈΡΡΠ° ΠΏΠΎΠΊΠ°Π·Π²Π°Ρ, ΡΠ΅ Π½Π΅ Π΅ Π΄ΠΎΡΡΠ°ΡΡΡΠ½ΠΎ ΠΏΡΠΎΡΡΠΎ Π΄Π° ΠΈΠ½ΡΡΠ°Π»ΠΈΡΠ°ΡΠ΅ HTTPS ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°Ρ. βΠΡΠΏΡΠ΅ΠΊΠΈ ΡΠ΅ Π½Π΅ ΠΎΠ±ΡΠ°Π±ΠΎΡΠ²Π°ΠΌΠ΅ Π±ΠΈΡΠΊΠ²ΠΈΡΠΊΠΈ, ΠΊΠ°ΠΊΡΠΎ ΠΏΡΠ°Π²Π΅Ρ
ΠΌΠ΅ ΠΏΡΠ΅Π· 2005 Π³., ΠΈ βΠΏΡΠΈΠ»ΠΈΡΠ½ΠΈΡΡ TLSβ Π΅ ΡΡΠ°Π½Π°Π» ΠΎΠ±ΠΈΡΠ°Π΅Π½, ΡΠ΅ ΠΎΠΊΠ°Π·Π²Π°, ΡΠ΅ ΡΠ΅Π·ΠΈ ΠΎΡΠ½ΠΎΠ²Π½ΠΈ Π½Π΅ΡΠ° Π½Π΅ ΡΠ° Π΄ΠΎΡΡΠ°ΡΡΡΠ½ΠΈ, Π·Π° Π΄Π° ΠΎΡΠΈΠ³ΡΡΡΡ ΠΈΠ·Π½Π΅Π½Π°Π΄Π²Π°ΡΠΎ Π³ΠΎΠ»ΡΠΌ Π±ΡΠΎΠΉ ΠΌΠ½ΠΎΠ³ΠΎ ΠΏΠΎΠΏΡΠ»ΡΡΠ½ΠΈ ΡΠ°ΠΉΡΠΎΠ²Π΅,β
ΠΠ·ΡΠΎΡΠ½ΠΈΠΊ: www.habr.com