ΠΠ΄ΠΈΠ½ ΠΈΠ· ΡΠΎΠΏΠΎΠ²ΡΡ
ΡΠ°ΠΉΡΠΎΠ² Alexa (ΡΠ΅Π½ΡΡΠ°Π»ΡΠ½ΡΠΉ ΠΊΡΡΠΆΠΎΠΊ), Π·Π°ΡΠΈΡΡΠ½Π½ΡΠΉ HTTPS, Ρ ΠΏΠΎΠ΄Π΄ΠΎΠΌΠ΅Π½Π°ΠΌΠΈ (ΡΠ΅ΡΡΠΌ) ΠΈ Π·Π°Π²ΠΈΡΠΈΠΌΠΎΡΡΡΠΌΠΈ (Π±Π΅Π»ΡΠΌ), ΡΡΠ΅Π΄ΠΈ ΠΊΠΎΡΠΎΡΡΡ
Π΅ΡΡΡ ΡΡΠ·Π²ΠΈΠΌΡΠ΅ (ΡΡΡΠΈΡ
ΠΎΠ²Π°Ρ Π·Π°Π»ΠΈΠ²ΠΊΠ°)
Π Π½Π°ΡΠ΅ Π²ΡΠ΅ΠΌΡ Π·Π½Π°ΡΠΎΠΊ Π·Π°ΡΠΈΡΡΠ½Π½ΠΎΠ³ΠΎ ΡΠΎΠ΅Π΄ΠΈΠ½Π΅Π½ΠΈΡ HTTPS ΡΡΠ°Π» ΡΡΠ°Π½Π΄Π°ΡΡΠ½ΡΠΌ ΠΈ Π΄Π°ΠΆΠ΅ Π½Π΅ΠΎΠ±Ρ
ΠΎΠ΄ΠΈΠΌΡΠΌ Π°ΡΡΠΈΠ±ΡΡΠΎΠΌ Π»ΡΠ±ΠΎΠ³ΠΎ ΡΠ΅ΡΡΡΠ·Π½ΠΎΠ³ΠΎ ΡΠ°ΠΉΡΠ°. ΠΡΠ»ΠΈ
ΠΠΎ ΠΎΠΊΠ°Π·ΡΠ²Π°Π΅ΡΡΡ, ΡΡΠΎ Π½Π°Π»ΠΈΡΠΈΠ΅ Β«Π·Π°ΠΌΠΎΡΠΊΠ°Β» Π² Π°Π΄ΡΠ΅ΡΠ½ΠΎΠΉ ΡΡΡΠΎΠΊΠ΅ Π½Π΅ Π²ΡΠ΅Π³Π΄Π° Π³Π°ΡΠ°Π½ΡΠΈΡΡΠ΅Ρ Π·Π°ΡΠΈΡΡ.
Π Π΅Π·ΡΠ»ΡΡΠ°ΡΡ ΠΈΡΡΠ»Π΅Π΄ΠΎΠ²Π°Π½ΠΈΡ
ΠΡΡΠ»Π΅Π΄ΠΎΠ²Π°Π½ΠΈΠ΅ ΠΏΡΠΎΠ²Π΅Π»ΠΈ ΡΠΏΠ΅ΡΠΈΠ°Π»ΠΈΡΡΡ ΠΈΠ· ΠΠ΅Π½Π΅ΡΠΈΠ°Π½ΡΠΊΠΎΠ³ΠΎ ΡΠ½ΠΈΠ²Π΅ΡΡΠΈΡΠ΅ΡΠ° ΠΠ°’ Π€ΠΎΡΠΊΠ°ΡΠΈ (ΠΡΠ°Π»ΠΈΡ) ΠΈ ΠΠ΅Π½ΡΠΊΠΎΠ³ΠΎ ΡΠ΅Ρ Π½ΠΈΡΠ΅ΡΠΊΠΎΠ³ΠΎ ΡΠ½ΠΈΠ²Π΅ΡΡΠΈΡΠ΅ΡΠ°. ΠΠΎΠ΄ΡΠΎΠ±Π½ΡΠΉ Π΄ΠΎΠΊΠ»Π°Π΄ ΠΎΠ½ΠΈ ΠΏΡΠ΅Π΄ΡΡΠ°Π²ΡΡ Π½Π° 40-ΠΌ ΡΠΈΠΌΠΏΠΎΠ·ΠΈΡΠΌΠ΅ IEEE ΠΏΠΎ Π±Π΅Π·ΠΎΠΏΠ°ΡΠ½ΠΎΡΡΠΈ ΠΈ ΠΏΡΠΈΠ²Π°ΡΠ½ΠΎΡΡΠΈ, ΠΊΠΎΡΠΎΡΡΠΉ ΠΏΡΠΎΠΉΠ΄ΡΡ 20β22 ΠΌΠ°Ρ 2019 Π³ΠΎΠ΄Π° Π² Π‘Π°Π½-Π€ΡΠ°Π½ΡΠΈΡΠΊΠΎ.
ΠΡΠ»ΠΈ ΠΏΡΠΎΠ²Π΅ΡΠ΅Π½Ρ 10 000 ΡΠ°ΠΌΡΡ ΠΏΠΎΠΏΡΠ»ΡΡΠ½ΡΡ ΡΠ°ΠΉΡΠΎΠ² HTTPS ΠΈΠ· ΡΠΏΠΈΡΠΊΠ° Alexa ΠΈ 90 816 ΡΠ²ΡΠ·Π°Π½Π½ΡΡ Ρ Π½ΠΈΠΌΠΈ Ρ ΠΎΡΡΠΎΠ². Π£ΡΠ·Π²ΠΈΠΌΡΠ΅ ΠΊΡΠΈΠΏΡΠΎΠ³ΡΠ°ΡΠΈΡΠ΅ΡΠΊΠΈΠ΅ ΠΊΠΎΠ½ΡΠΈΠ³ΡΡΠ°ΡΠΈΠΈ Π²ΡΡΠ²Π»Π΅Π½Ρ Π½Π° 5574 Ρ ΠΎΡΡΠ°Ρ , ΡΠΎ Π΅ΡΡΡ ΠΏΡΠΈΠΌΠ΅ΡΠ½ΠΎ Π½Π° 5,5% ΠΎΡ ΠΎΠ±ΡΠ΅Π³ΠΎ ΠΊΠΎΠ»ΠΈΡΠ΅ΡΡΠ²Π°:
- 4818 ΡΡΠ·Π²ΠΈΠΌΡ Π΄Π»Ρ MITM
- 733 ΡΡΠ·Π²ΠΈΠΌΡ Π΄Π»Ρ ΠΏΠΎΠ»Π½ΠΎΠΉ Π΄Π΅ΡΠΈΡΡΠΎΠ²ΠΊΠΈ TLS
- 912 ΡΡΠ·Π²ΠΈΠΌΡ Π΄Π»Ρ ΡΠ°ΡΡΠΈΡΠ½ΠΎΠΉ Π΄Π΅ΡΠΈΡΡΠΎΠ²ΠΊΠΈ TLS
898 ΡΠ°ΠΉΡΠΎΠ² ΠΏΠΎΠ»Π½ΠΎΡΡΡΡ ΠΎΡΠΊΡΡΡΡ Π΄Π»Ρ Π²Π·Π»ΠΎΠΌΠ°, ΡΠΎ Π΅ΡΡΡ Π΄ΠΎΠΏΡΡΠΊΠ°ΡΡ ΠΈΠ½ΡΠ΅ΠΊΡΠΈΡ ΠΏΠΎΡΡΠΎΡΠΎΠ½Π½ΠΈΡ ΡΠΊΡΠΈΠΏΡΠΎΠ², Π° 977 ΡΠ°ΠΉΡΠΎΠ² Π·Π°Π³ΡΡΠΆΠ°ΡΡ ΠΊΠΎΠ½ΡΠ΅Π½Ρ ΡΠΎ ΡΠ»Π°Π±ΠΎ Π·Π°ΡΠΈΡΡΠ½Π½ΡΡ ΡΡΡΠ°Π½ΠΈΡ, Ρ ΠΊΠΎΡΠΎΡΡΠΌΠΈ ΠΌΠΎΠΆΠ΅Ρ Π²Π·Π°ΠΈΠΌΠΎΠ΄Π΅ΠΉΡΡΠ²ΠΎΠ²Π°ΡΡ Π·Π»ΠΎΡΠΌΡΡΠ»Π΅Π½Π½ΠΈΠΊ.
ΠΡΡΠ»Π΅Π΄ΠΎΠ²Π°ΡΠ΅Π»ΠΈ ΠΏΠΎΠ΄ΡΡΡΠΊΠΈΠ²Π°ΡΡ, ΡΡΠΎ ΡΡΠ΅Π΄ΠΈ 898 Β«ΠΏΠΎΠ»Π½ΠΎΡΡΡΡ ΡΠΊΠΎΠΌΠΏΡΠΎΠΌΠ΅ΡΠΈΡΠΎΠ²Π°Π½Π½ΡΡ Β» ΡΠ΅ΡΡΡΡΠΎΠ² β ΠΈΠ½ΡΠ΅ΡΠ½Π΅Ρ-ΠΌΠ°Π³Π°Π·ΠΈΠ½Ρ, ΡΠΈΠ½Π°Π½ΡΠΎΠ²ΡΠ΅ ΡΠ΅ΡΠ²ΠΈΡΡ ΠΈ Π΄ΡΡΠ³ΠΈΠ΅ ΠΊΡΡΠΏΠ½ΡΠ΅ ΡΠ°ΠΉΡΡ. 660 ΠΈΠ· 898 ΡΠ°ΠΉΡΠΎΠ² Π·Π°Π³ΡΡΠΆΠ°ΡΡ Π²Π½Π΅ΡΠ½ΠΈΠ΅ ΡΠΊΡΠΈΠΏΡΡ Ρ ΡΡΠ·Π²ΠΈΠΌΡΡ Ρ ΠΎΡΡΠΎΠ²: ΡΡΠΎ ΠΎΡΠ½ΠΎΠ²Π½ΠΎΠΉ ΠΈΡΡΠΎΡΠ½ΠΈΠΊ ΠΎΠΏΠ°ΡΠ½ΠΎΡΡΠΈ. ΠΠΎ ΡΠ»ΠΎΠ²Π°ΠΌ Π°Π²ΡΠΎΡΠΎΠ², ΡΠ»ΠΎΠΆΠ½ΠΎΡΡΡ ΡΠΎΠ²ΡΠ΅ΠΌΠ΅Π½Π½ΡΡ Π²Π΅Π±-ΠΏΡΠΈΠ»ΠΎΠΆΠ΅Π½ΠΈΠΉ ΠΌΠ½ΠΎΠ³ΠΎΠΊΡΠ°ΡΠ½ΠΎ ΡΠ²Π΅Π»ΠΈΡΠΈΠ²Π°Π΅Ρ ΠΏΠΎΠ²Π΅ΡΡ Π½ΠΎΡΡΡ Π°ΡΠ°ΠΊΠΈ.
ΠΠ±Π½Π°ΡΡΠΆΠ΅Π½Ρ ΠΈ Π΄ΡΡΠ³ΠΈΠ΅ ΠΏΡΠΎΠ±Π»Π΅ΠΌΡ: Ρ 10% ΡΠΎΡΠΌ Π΄Π»Ρ Π°Π²ΡΠΎΡΠΈΠ·Π°ΡΠΈΠΈ ΠΏΡΠΎΠ±Π»Π΅ΠΌΡ Ρ Π±Π΅Π·ΠΎΠΏΠ°ΡΠ½ΠΎΠΉ ΠΏΠ΅ΡΠ΅Π΄Π°ΡΠ΅ΠΉ ΠΈΠ½ΡΠΎΡΠΌΠ°ΡΠΈΠΈ, ΡΡΠΎ Π³ΡΠΎΠ·ΠΈΡ ΡΡΠ΅ΡΠΊΠΎΠΉ ΠΏΠ°ΡΠΎΠ»Π΅ΠΉ, 412 ΡΠ°ΠΉΡΠΎΠ² Π΄ΠΎΠΏΡΡΠΊΠ°ΡΡ ΠΏΠ΅ΡΠ΅Ρ Π²Π°Ρ ΠΊΡΠΊΠΈΡΠΎΠ² ΠΈ Β«ΡΠ³ΠΎΠ½ ΡΠ΅ΡΡΠΈΠΈΒ», Π° 543 ΡΠ°ΠΉΡΠ° ΠΏΠΎΠ΄Π²Π΅ΡΠΆΠ΅Π½Ρ Π°ΡΠ°ΠΊΠ°ΠΌ Π½Π° cookie integrity (ΡΠ΅ΡΠ΅Π· ΠΏΠΎΠ΄Π΄ΠΎΠΌΠ΅Π½Ρ).
ΠΡΠΎΠ±Π»Π΅ΠΌΠ° Π² ΡΠΎΠΌ, ΡΡΠΎ Π·Π° ΠΏΠΎΡΠ»Π΅Π΄Π½ΠΈΠ΅ Π³ΠΎΠ΄Ρ Π² ΠΏΡΠΎΡΠΎΠΊΠΎΠ»Π°Ρ
SSL/TLS ΠΈ ΠΏΡΠΎΠ³ΡΠ°ΠΌΠΌΠ½ΠΎΠΌ ΠΎΠ±Π΅ΡΠΏΠ΅ΡΠ΅Π½ΠΈΠΈ
Π Π΅ΠΊΠΎΠΌΠ΅Π½Π΄ΡΠ΅ΠΌΡΠ΅ Π½Π°ΡΡΡΠΎΠΉΠΊΠΈ
ΠΠ΅ ΡΡΡΠ΅ΡΡΠ²ΡΠ΅Ρ ΠΎΠ΄Π½ΠΎΠ³ΠΎ ΠΎΡΠΈΡΠΈΠ°Π»ΡΠ½ΠΎ ΠΎΠ΄ΠΎΠ±ΡΠ΅Π½Π½ΠΎΠ³ΠΎ ΠΈ ΡΠΎΠ³Π»Π°ΡΠΎΠ²Π°Π½Π½ΠΎΠ³ΠΎ ΡΠΏΠΈΡΠΊΠ° ΡΠ΅ΠΊΠΎΠΌΠ΅Π½Π΄ΡΠ΅ΠΌΡΡ
Π½Π°ΡΡΡΠΎΠ΅ΠΊ HTTPS. Π’Π°ΠΊ,
Π‘ΠΎΠ²ΡΠ΅ΠΌΠ΅Π½Π½ΡΠΉ ΡΠ΅ΠΆΠΈΠΌ
Π‘Π°ΠΌΡΠ΅ ΡΡΠ°ΡΡΠ΅ ΠΏΠΎΠ΄Π΄Π΅ΡΠΆΠΈΠ²Π°Π΅ΠΌΡΠ΅ ΠΊΠ»ΠΈΠ΅Π½ΡΡ: Firefox 27, Chrome 30, IE 11 on Windows 7, Edge, Opera 17, Safari 9, Android 5.0, and Java 8
server {
listen 80 default_server;
listen [::]:80 default_server;
# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# modern configuration. tweak to your needs.
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
## verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
resolver <IP DNS resolver>;
....
}
Π‘ΡΠ΅Π΄Π½ΡΡ ΠΏΠΎΠ΄Π΄Π΅ΡΠΆΠΊΠ°
Π‘Π°ΠΌΡΠ΅ ΡΡΠ°ΡΡΠ΅ ΠΏΠΎΠ΄Π΄Π΅ΡΠΆΠΈΠ²Π°Π΅ΠΌΡΠ΅ ΠΊΠ»ΠΈΠ΅Π½ΡΡ: Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3, Java 7
server {
listen 80 default_server;
listen [::]:80 default_server;
# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /path/to/dhparam.pem;
# intermediate configuration. tweak to your needs.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
## verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
resolver <IP DNS resolver>;
....
}
Π‘ΡΠ°ΡΠ°Ρ ΠΏΠΎΠ΄Π΄Π΅ΡΠΆΠΊΠ°
Π‘Π°ΠΌΡΠ΅ ΡΡΠ°ΡΡΠ΅ ΠΏΠΎΠ΄Π΄Π΅ΡΠΆΠΈΠ²Π°Π΅ΠΌΡΠ΅ ΠΊΠ»ΠΈΠ΅Π½ΡΡ: Windows XP IE6, Java 6
server {
listen 80 default_server;
listen [::]:80 default_server;
# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /path/to/dhparam.pem;
# old configuration. tweak to your needs.
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP';
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
## verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
resolver <IP DNS resolver>;
....
}
Π Π΅ΠΊΠΎΠΌΠ΅Π½Π΄ΡΠ΅ΡΡΡ Π²ΡΠ΅Π³Π΄Π° ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡ ΠΏΠΎΠ»Π½ΡΠΉ Π½Π°Π±ΠΎΡ ΡΠΈΡΡΠΎΠ² ΠΈ ΠΏΠΎΡΠ»Π΅Π΄Π½ΡΡ Π²Π΅ΡΡΠΈΡ OpenSSL. ΠΠ°Π±ΠΎΡ ΡΠΈΡΡΠΎΠ² Π² Π½Π°ΡΡΡΠΎΠΉΠΊΠ°Ρ ΡΠ΅ΡΠ²Π΅ΡΠ° ΡΠΊΠ°Π·ΡΠ²Π°Π΅Ρ ΠΏΡΠΈΠΎΡΠΈΡΠ΅Ρ, Π² ΠΊΠΎΡΠΎΡΠΎΠΌ ΠΎΠ½ΠΈ Π±ΡΠ΄ΡΡ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡΡΡ, Π² Π·Π°Π²ΠΈΡΠΈΠΌΠΎΡΡΠΈ ΠΎΡ Π½Π°ΡΡΡΠΎΠ΅ΠΊ ΠΊΠ»ΠΈΠ΅Π½ΡΠ°.
ΠΡΡΠ»Π΅Π΄ΠΎΠ²Π°Π½ΠΈΠ΅ ΠΏΠΎΠΊΠ°Π·ΡΠ²Π°Π΅Ρ, ΡΡΠΎ Π½Π΅Π΄ΠΎΡΡΠ°ΡΠΎΡΠ½ΠΎ ΠΏΡΠΎΡΡΠΎ ΡΡΡΠ°Π½ΠΎΠ²ΠΈΡΡ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°Ρ HTTPS. Β«Π₯ΠΎΡΡ ΠΌΡ Π½Π΅ ΠΎΠ±ΡΠ°Π±Π°ΡΡΠ²Π°Π΅ΠΌ ΠΊΡΠΊΠΈ ΠΊΠ°ΠΊ Π² 2005 Π³ΠΎΠ΄Ρ, Π° βΠΏΡΠΈΡΡΠΎΠΉΠ½ΡΠΉ TLSβ ΡΡΠ°Π» ΠΎΠ±ΡΠΈΠΌ ΠΌΠ΅ΡΡΠΎΠΌ, Π½ΠΎ Π²ΡΡΡΠ½ΡΠ΅ΡΡΡ, ΡΡΠΎ ΡΡΠΈΡ
Π±Π°Π·ΠΎΠ²ΡΡ
Π²Π΅ΡΠ΅ΠΉ Π½Π΅Π΄ΠΎΡΡΠ°ΡΠΎΡΠ½ΠΎ Π΄Π»Ρ ΠΎΠ±Π΅ΡΠΏΠ΅ΡΠ΅Π½ΠΈΡ Π±Π΅Π·ΠΎΠΏΠ°ΡΠ½ΠΎΡΡΠΈ Π½Π° ΡΠ΄ΠΈΠ²Π»Π΅Π½ΠΈΠ΅ Π±ΠΎΠ»ΡΡΠΎΠ³ΠΎ ΠΊΠΎΠ»ΠΈΡΠ΅ΡΡΠ²Π° ΠΎΡΠ΅Π½Ρ ΠΏΠΎΠΏΡΠ»ΡΡΠ½ΡΡ
ΡΠ°ΠΉΡΠΎΠ²Β», β
ΠΡΡΠΎΡΠ½ΠΈΠΊ: habr.com