Let's Encrypt revokes 2 million certificates due to problems in its TLS-ALPN-01 implementation

Let's Encrypt, a non-profit, community-controlled certificate authority that provides certificates free of charge to everyone, has announced the early revocation of approximately two million TLS certificates, which is about 1% of all active certificates issued by this certificate authority. The revocation was triggered by the discovery that the code used by Let's Encrypt to implement the TLS-ALPN-01 extension (RFC 7301, Application-Layer Protocol Negotiation) did not comply with the specification's requirements. The discrepancy was caused by the absence of some checks performed during connection negotiation based on the ALPN TLS extension used in HTTP/2. Details of the incident will be published once the revocation of the problematic certificates is complete.

On January 26 at 03:48 (MSK) the problem was fixed, but it was decided to treat all certificates issued using the TLS-ALPN-01 validation method as invalid. Revocation of the certificates will begin on January 28 at 19:00 (MSK). Before that time, users of the TLS-ALPN-01 validation method are advised to renew their certificates; otherwise the certificates will become invalid ahead of schedule.

Notifications about the need to renew certificates are being sent by email. Users who obtain certificates with the Certbot and dehydrated tools were not affected by the problem when using the default settings. The TLS-ALPN-01 method is supported in Caddy, Traefik, apache mod_md and the autocert package. You can check whether your certificates are affected by searching for identifiers, serial numbers or domains in the list of problematic certificates.

Because the changes affect behavior during validation with the TLS-ALPN-01 method, updating the ACME client or changing its configuration (Caddy, bitnami/bn-cert, autocert, apache mod_md, Traefik) may be required for it to keep working. The changes include requiring TLS versions no lower than 1.2 (clients will no longer be able to use TLS 1.1) and dropping support for OID 1.3.6.1.5.5.7.1.30.1, which identifies the obsolete acmeIdentifier extension that was supported only in earlier drafts of RFC 8737 (when generating a certificate, only OID 1.3.6.1.5.5.7.1.31 is now allowed, and clients that use OID 1.3.6.1.5.5.7.1.30.1 will not be able to obtain a certificate).
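As an added example (not code from Let's Encrypt or from any of the clients named above), the following Python sketch shows how an operator could check which acmeIdentifier OID a client's TLS-ALPN-01 challenge certificate carries. It assumes the RFC 8737 layout (a critical extension whose value is a DER OCTET STRING holding the SHA-256 digest of the key authorization); the function names, the key authorization string and the sample bytes are constructed for illustration, and the byte-level search is a heuristic rather than a full X.509 parser.

```python
import hashlib

ACME_ID_CURRENT = "1.3.6.1.5.5.7.1.31"   # the only acmeIdentifier OID now allowed
ACME_ID_LEGACY = "1.3.6.1.5.5.7.1.30.1"  # draft-era OID, no longer accepted

def der_oid(dotted):
    """DER-encode an OBJECT IDENTIFIER (tag 0x06, base-128 arcs)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return bytes([0x06, len(body)]) + bytes(body)

def acme_extension(oid, key_authorization, critical=True):
    """Build SEQUENCE { OID, [BOOLEAN TRUE], OCTET STRING { OCTET STRING(32) } }."""
    digest = hashlib.sha256(key_authorization.encode()).digest()
    flag = b"\x01\x01\xff" if critical else b""
    body = der_oid(oid) + flag + b"\x04\x22\x04\x20" + digest
    return bytes([0x30, len(body)]) + body

def classify(cert_der, key_authorization):
    """Heuristic byte-level check of the acmeIdentifier extension in DER bytes."""
    if der_oid(ACME_ID_LEGACY) in cert_der:
        return "legacy-oid"       # client must be updated or reconfigured
    if der_oid(ACME_ID_CURRENT) not in cert_der:
        return "missing"
    if acme_extension(ACME_ID_CURRENT, key_authorization) in cert_der:
        return "ok"
    if acme_extension(ACME_ID_CURRENT, key_authorization, critical=False) in cert_der:
        return "not-critical"     # RFC 8737 requires the extension to be critical
    return "digest-mismatch"

# Constructed sample input: extension fragments only, not real certificates.
KEY_AUTH = "constructed-token.constructed-thumbprint"
SAMPLES = {
    "current": acme_extension(ACME_ID_CURRENT, KEY_AUTH),
    "legacy": acme_extension(ACME_ID_LEGACY, KEY_AUTH),
    "wrong-digest": acme_extension(ACME_ID_CURRENT, "other.value"),
    "no-critical-flag": acme_extension(ACME_ID_CURRENT, KEY_AUTH, critical=False),
}

if __name__ == "__main__":
    for name, der in SAMPLES.items():
        print(f"{name:18} -> {classify(der, KEY_AUTH)}")
```

In practice `cert_der` would be the DER bytes of the self-signed challenge certificate your client serves during validation, captured in your own test environment.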

Source: opennet.ru
