TLS 1.0 and 1.1 officially deprecated

The Internet Engineering Task Force (IETF), which develops Internet protocols and architecture, has published RFC 8996, officially deprecating TLS 1.0 and 1.1.

The TLS 1.0 specification was published in January 1999. Seven years later, the TLS 1.1 update was released with security improvements related to the generation of initialization vectors and padding. According to the SSL Pulse service, as of January 16, the TLS 1.2 protocol is supported by 95.2% of websites that allow a secure connection to be established, and TLS 1.3 by 14.2%. TLS 1.1 connections are accepted by 77.4% of HTTPS sites, while TLS 1.0 connections are accepted by 68%. About 21% of the top 100 thousand sites in the Alexa ranking still do not use HTTPS.

The main problems with TLS 1.0/1.1 are the lack of support for modern ciphers (for example, ECDHE and AEAD) and the presence in the specification of a requirement to support old ciphers whose reliability is questioned at the current stage of development of computing technology (for example, support for TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is required, and MD5 and SHA-1 are used for integrity checking and authentication). Support for outdated algorithms has already led to attacks such as ROBOT, DROWN, BEAST, Logjam and FREAK. However, these problems were not considered direct vulnerabilities of the protocol and were resolved at the level of its implementations. The TLS 1.0/1.1 protocols themselves do not have critical vulnerabilities that could be used to carry out practical attacks.
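To find servers that still negotiate the versions RFC 8996 deprecates, a monitoring tool can read the version a server selects in its ServerHello. The following is an added example, not part of the original article: the function names are hypothetical and the sample records are constructed by `make_server_hello`, not captured traffic.

```python
import struct

# Wire values of the versions RFC 8996 deprecates, and of the current ones.
DEPRECATED = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1"}
CURRENT = {0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
# TLS 1.3 servers keep legacy_version at 0x0303 and report 0x0304 in this extension.
SUPPORTED_VERSIONS = 0x002B

def negotiated_version(record: bytes) -> int:
    """Return the protocol version selected by a ServerHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a handshake record carrying a ServerHello")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[9:5 + rec_len]  # skip 5-byte record and 4-byte handshake headers
    if len(body) < 35:
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", body[:2])[0]
    pos = 2 + 32                  # legacy_version + random
    pos += 1 + body[pos]          # session_id length byte + session_id
    pos += 2 + 1                  # cipher_suite + compression_method
    if pos + 2 > len(body):
        return version            # no extensions block present
    pos += 2                      # skip the extensions length field
    while pos + 4 <= len(body):
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        if ext_type == SUPPORTED_VERSIONS and ext_len == 2 and pos + 6 <= len(body):
            return struct.unpack("!H", body[pos + 4:pos + 6])[0]
        pos += 4 + ext_len
    return version

def classify(record: bytes) -> tuple:
    """Map a ServerHello to ('deprecated' | 'ok' | 'unknown', version name)."""
    v = negotiated_version(record)
    for status, table in (("deprecated", DEPRECATED), ("ok", CURRENT)):
        if v in table:
            return (status, table[v])
    return ("unknown", hex(v))

def make_server_hello(version: int, extensions: bytes = b"") -> bytes:
    """Build a constructed (synthetic) ServerHello record for the demo."""
    # Zero random, empty session_id, cipher_suite bytes that the parser skips.
    body = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\x00\x13" + b"\x00"
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", version, len(hs)) + hs

if __name__ == "__main__":
    ext = struct.pack("!HHH", SUPPORTED_VERSIONS, 2, 0x0304)
    for rec in (make_server_hello(0x0301), make_server_hello(0x0303, ext)):
        print(classify(rec))
```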

source: budenet.ru
