… half of the sites
POODLE
The attack was first …
Its essence is as follows. The hacker emulates a connection failure and forces the client to connect over SSL 3.0. The encrypted data is then searched.
SSL 3.0 is an outdated protocol. However, its security problems are still relevant: clients use it to avoid compatibility problems with servers. According to some data, almost 100% of the 70,000 most popular sites …
How to protect yourself. In the case of the original POODLE, SSL 3.0 support must be disabled. However, this carries the risk of compatibility problems. An alternative solution is the TLS_FALLBACK_SCSV mechanism, which guarantees that data exchange over SSL 3.0 takes place only with old systems, so an attacker can no longer initiate a protocol downgrade. The way to protect against Zombie POODLE and GOLDENDOODLE is to disable CBC support in TLS 1.2-based applications. The fundamental solution is migrating to TLS 1.3: the new version of the protocol does not use CBC encryption at all, relying instead on the more robust AES and ChaCha20.
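As an added example (not part of the original article), the server-side TLS_FALLBACK_SCSV check described above, written in Python against constructed ClientHello records: a genuinely old SSL 3.0 client that never sends the signalling suite is still accepted, while a modern client whose retry at SSL 3.0 carries TLS_FALLBACK_SCSV is rejected with inappropriate_fallback. The cipher suite values 0x002F and 0xC02F are standard IANA assignments; the messages themselves are fabricated for the example.

```python
import struct

# RFC 7507 signalling cipher suite value and the protocol version numbers used below
TLS_FALLBACK_SCSV = 0x5600
SSL_3_0, TLS_1_2 = 0x0300, 0x0303

def build_client_hello(client_version, cipher_suites):
    """Build a minimal TLS record carrying a ClientHello (constructed test input)."""
    body = struct.pack("!H", client_version)
    body += bytes(32)                               # ClientHello.random (zeros here)
    body += b"\x00"                                 # empty session_id
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                             # compression_methods: null only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType.client_hello
    return b"\x16" + struct.pack("!HH", client_version, len(handshake)) + handshake

def parse_client_hello(record):
    """Return (client_version, cipher_suites) from a TLS record holding a ClientHello."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + hs_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    version = struct.unpack("!H", body[:2])[0]
    pos = 2 + 32                                    # skip random
    pos += 1 + body[pos]                            # skip session_id
    n = struct.unpack("!H", body[pos:pos + 2])[0]
    suites = [struct.unpack("!H", body[i:i + 2])[0]
              for i in range(pos + 2, pos + 2 + n, 2)]
    return version, suites

def fallback_decision(record, server_max_version=TLS_1_2):
    """Server-side RFC 7507 check: a downgraded retry is rejected only when the
    client marks it with TLS_FALLBACK_SCSV, so genuinely old clients keep working."""
    version, suites = parse_client_hello(record)
    if TLS_FALLBACK_SCSV in suites and version < server_max_version:
        return "reject: inappropriate_fallback"
    return "accept"

# Constructed ClientHellos (0x002F = TLS_RSA_WITH_AES_128_CBC_SHA,
# 0xC02F = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256):
DOWNGRADED_RETRY = build_client_hello(SSL_3_0, [0x002F, TLS_FALLBACK_SCSV])  # modern client forced down
LEGACY_CLIENT = build_client_hello(SSL_3_0, [0x002F])                         # old client, no SCSV
NORMAL_TLS12 = build_client_hello(TLS_1_2, [0xC02F, TLS_FALLBACK_SCSV])       # no downgrade involved
```

Calling `fallback_decision` on the three records gives reject, accept and accept respectively; the check does nothing for clients that already negotiate the server's highest version.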
BEAST
One of the first attacks on SSL and TLS 1.0, discovered in 2011. Like POODLE, BEAST …
At present, the BEAST vulnerability still exists.
How to protect yourself. The attacker has to send regular requests in order to decrypt the data. In the case of VMware …
DROWN
This is a cross-protocol attack that exploits a bug in SSLv2 implementations using 40-bit RSA keys. The attacker listens in on hundreds of the target's TLS connections and sends special packets to an SSLv2 server that uses the same private key.
DROWN first became known in 2016. After that, …
How to protect yourself. You need to install the patches proposed by the developers of cryptographic libraries that disable SSLv2 support. For example, such a patch was provided for OpenSSL in 2016.
"If a resource's key is used on a third-party server that speaks SSLv2, such as a mail server, the resource may become vulnerable to DROWN," says Sergey Belkin, head of development at the IaaS provider 1cloud.ru. "This situation arises when several servers use a common SSL certificate. In that case, SSLv2 support had to be disabled on all machines."
You can use a special tool to check whether your system needs to be updated.
Heartbleed
One of the biggest vulnerabilities in software … This attack is implemented through the small Heartbeat TLS extension. The TLS protocol requires data to be sent continuously: if the idle time drags on, the connection is dropped and has to be re-established. To deal with this, the server and client artificially add "noise" to the channel (…).
The vulnerability was present in all versions of the library from 1.0.1 to 1.0.1f, and also in many operating systems such as Ubuntu up to 12.04.4, CentOS older than 6.5, OpenBSD 5.3 and others. A full list is available …
How to protect yourself. It is necessary …
Certificate substitution
A controlled node holding a legitimate SSL certificate is placed between the user and the server and actively intercepts the traffic. By presenting a valid certificate, this node impersonates the legitimate server, which makes a MITM attack possible.
How to protect yourself. Use trusted services. A new, additional method of protection has also appeared.
Prospects for HTTPS
Despite the numerous vulnerabilities, IT giants and information security experts are confident in the protocol's future. For the active deployment of HTTPS, the development of SSL/TLS technology using machine learning is planned, with smart algorithms taking over the filtering of malicious traffic. In an HTTPS connection, the administrator has no way of learning the content of encrypted messages, for example to detect requests coming from malware. Already today, neural networks can filter potentially dangerous packets with 90% accuracy (…).
Opinion
Most attacks on HTTPS are not problems with the protocol itself but are tied to support for outdated encryption mechanisms. The IT industry is gradually abandoning previous-generation protocols and starting to provide new tools for finding vulnerabilities. In the future, these tools will become increasingly intelligent.
Additional links on this topic:
Development in the cloud, information security and personal data: the 1cloud digest
SSL digest: the best practical materials on Habr and elsewhere
VPN digest: introductory articles on Habr and more
Source: habr.com