How DNSCrypt solved the expired certificate problem by introducing a 24-hour validity period

In the past, certificates often expired because they had to be renewed manually. People simply forgot to do it. With the arrival of Let's Encrypt and automated renewal procedures, it would seem that the problem should have been solved. But the recent Firefox story shows that it is, in fact, still relevant. Unfortunately, certificates continue to expire.

In case you missed the story, at midnight on May 4, 2019, almost all Firefox extensions suddenly stopped working.

As it turned out, the massive failure occurred because a Mozilla certificate used to sign extensions had expired. As a result, the extensions were marked as "invalid" and failed verification (technical details). On forums, the suggested workaround was to disable extension signature verification in about:config or to change the system clock.

Mozilla quickly released the Firefox 66.0.4 patch, which fixes the problem with the invalid certificate, and all extensions returned to normal. The developers recommend installing it and not using any workarounds to bypass signature verification, because they may conflict with the patch.

However, this story once again shows that certificate expiration remains a pressing issue today.

In this regard, it is interesting to look at the rather original way the developers of the DNSCrypt protocol dealt with this task. Their solution can be divided into two parts. First, short-lived certificates. Second, warning users about the expiration of long-lived ones.

DNSCrypt

DNSCrypt is a DNS traffic encryption protocol. It protects DNS communications from interception and MiTM, and also allows you to bypass blocking at the DNS query level.

The protocol wraps DNS traffic between the client and the server in a cryptographic construction, operating over the UDP and TCP transport protocols. To use it, both the client and the DNS resolver must support DNSCrypt. For example, since March 2016 it has been enabled on Yandex's own DNS servers and in the Yandex browser. Several other providers have also announced support, including Google and Cloudflare. Unfortunately, there are not many of them (152 public DNS servers are listed on the official website). But the dnscrypt-proxy program can be installed manually on Linux, Windows and macOS clients. There are also server implementations.

How does DNSCrypt work? In short, the client takes the public key of the chosen provider and uses it to verify the provider's certificates. The short-term public keys for the session and the cipher suite identifier are already there. Clients are encouraged to generate a new key for every request, and servers are encouraged to change keys every 24 hours. X25519 is used for key exchange, EdDSA for signing, and XSalsa20-Poly1305 or XChaCha20-Poly1305 for encryption.

One of the protocol's developers, Frank Denis, writes that automatic replacement every 24 hours solved the problem of expired certificates. In short, the dnscrypt-proxy reference client accepts certificates with any validity period, but issues the warning "The dnscrypt-proxy key period for this server is too long" if the certificate is valid for more than 24 hours. At the same time, a Docker image was released that implements fast rotation of keys (and certificates).

First, this is extremely useful for security: if the server is compromised or the key is leaked, yesterday's traffic cannot be decrypted. The key has already changed. This will probably pose a problem for the implementation of the Yarovaya Law, which obliges providers to store all traffic, including encrypted traffic. The implication is that the traffic can be decrypted later, if necessary, by requesting the key from the site. But in this case the site simply cannot provide it, because it uses short-term keys and deletes the old ones.

But most importantly, Denis writes, short-term keys force servers to set up automation from day one. If the server is connected to the network and the key rotation scripts are not configured or do not work, this will be noticed immediately.

When automation changes keys once every few years, it cannot be relied on, and people can forget about certificate expiration. If you change keys daily, a failure will be noticed instantly.

At the same time, if automation is configured properly, it does not matter how often the keys are changed: every year, every quarter or three times a day. If everything works for more than 24 hours, it will work forever, writes Frank Denis. According to him, the recommendation of daily key rotation in the second version of the protocol, together with a ready-made Docker image that implements it, effectively reduced the number of servers with expired certificates while simultaneously improving security.

However, some providers still decided, for some technical reasons, to set the certificate validity period to more than 24 hours. This problem was largely solved with a few lines of code in dnscrypt-proxy: users receive an informational warning 30 days before the certificate expires, another message with a higher severity level 24 days before expiration, and a critical message if the certificate has less than 24 hours of validity left. This applies only to certificates that initially have a long validity period.

These messages give users the opportunity to notify DNS operators about the upcoming certificate expiration ahead of time.
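The warning policy described above, written out as an added Go example (it is not dnscrypt-proxy's own code). The severity names and the `CheckCert` function are hypothetical, the thresholds are the ones given in this article, and the sample dates are constructed.

```go
package main

import (
	"fmt"
	"time"
)

// Severity levels are hypothetical names chosen for this example.
type Severity int

const (
	OK Severity = iota
	Info
	Warning
	Critical
	Invalid
)

const day = 24 * time.Hour

// CheckCert classifies a certificate by its validity window, using the
// thresholds given in the article. It returns the severity and whether the
// total validity period exceeds the recommended 24 hours.
func CheckCert(start, end, now time.Time) (Severity, bool) {
	tooLong := end.Sub(start) > day
	if !end.After(start) || now.Before(start) || !now.Before(end) {
		return Invalid, tooLong // malformed window, not yet valid, or expired
	}
	if !tooLong {
		return OK, false // short-lived: daily rotation expected, no advance warnings
	}
	switch left := end.Sub(now); {
	case left < day:
		return Critical, true
	case left < 24*day:
		return Warning, true
	case left < 30*day:
		return Info, true
	}
	return OK, true
}

func main() {
	// Constructed sample: a one-year certificate checked 20 days before expiry.
	start := time.Date(2019, 1, 1, 0, 0, 0, 0, time.UTC)
	end := start.Add(365 * day)
	sev, long := CheckCert(start, end, end.Add(-20*day))
	fmt.Println(sev, long) // severity and the "validity period too long" flag
}
```

A certificate rotated daily never reaches the advance-warning branches, which matches the statement that they apply only to certificates issued with a long validity period.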

Perhaps if all Firefox users had received such a message, someone would probably have informed the developers, and they would not have let the certificate expire. "I don't remember a single DNSCrypt server on the list of public DNS servers that has had its certificate expire in the last two or three years," writes Frank Denis. In any case, it is probably better to warn users first than to disable extensions without warning.

Source: www.habr.com
