Pakutanga kwegore, mumushumo wematambudziko eInternet uye kuwanikwa kwe2018-2019.
IETF TLS Working Group Chairs
"Muchidimbu, TLS 1.3 inofanirwa kupa hwaro hweInternet yakachengeteka uye inoshanda kwemakore makumi maviri anotevera."
Development
Maererano naEric Rescorla (Firefox CTO uye ega munyori weTLS 1.3)
"Uku kutsiva kwakazara kweTLS 1.2, uchishandisa makiyi uye zvitupa zvakafanana, saka mutengi neserver vanogona kutaurirana pamusoro peTLS 1.3 kana vese vakaitsigira," akadaro. "Patove nerutsigiro rwakanaka padanho reraibhurari, uye Chrome neFirefox inogonesa TLS 1.3 nekukasira."
Mukufanana, TLS iri kupera muboka rekushanda reIETF
Rondedzero yeazvino TLS 1.3 mashandisirwo inowanikwa paGithub kune chero anotsvaga raibhurari yakakodzera kwazvo:
Chii chakachinja kubva TLS 1.2?
Of
“TLS 1.3 inoita sei kuti nyika ive nzvimbo iri nani?
TLS 1.3 inosanganisira mamwe mabhenefiti ehunyanzvi - senge akarerutsirwa ekubata maoko maitiro kuti amisikidze yakachengeteka yekubatanidza - uye zvakare inobvumira vatengi kuti vakurumidze kutangazve maseva nemaseva. Aya matanho anoitirwa kudzikisa yekubatanidza kuseta latency uye kutadza kwekubatanidza pane zvisina kusimba zvinongedzo, izvo zvinowanzo shandiswa sechikonzero chekupa chete isina kuvharirwa HTTP kubatana.
Zvakatonyanya kukosha, inobvisa tsigiro yenhaka yakati wandei uye kusachengeteka encryption uye hashing algorithms ichiri kubvumidzwa (kunyangwe isingakurudzirwe) kuti ishandiswe neshanduro dzekare dzeTLS, kusanganisira SHA-1, MD5, DES, 3DES, uye AES-CBC. kuwedzera rutsigiro rwema cipher suites matsva. Zvimwe zvigadziriso zvinosanganisira zvimwe zvakavharidzirwa zvekubata maoko (semuenzaniso, kuchinjana kweruzivo rwechitupa ikozvino kwakavharidzirwa) kudzikisa huwandu hwezviratidzo kune angangoita traffic traffic, pamwe nekuvandudzwa kwekutumira zvakavanzika kana uchishandisa mamwe makiyi ekutsinhana modhi kuitira kuti kutaurirana. nguva dzese dzinofanirwa kuramba dzakachengeteka kunyangwe maalgorithms anoshandiswa kuivharira akakanganiswa mune ramangwana. "
Kuvandudzwa kwemaprotocol emazuva ano uye DDoS
Sezvaungave watoverenga, panguva yekuvandudzwa kweprotocol
Zvikonzero nei izvi zvingadikanwa zvakanyorwa mugwaro,
Nepo isu tisina kugadzirira kufungidzira pamusoro pezvinodikanwa zvekutonga, yedu proprietary DDoS kuderedza chigadzirwa (kusanganisira mhinduro
Zvakare, kubva pakuitwa, hapana matambudziko ane chekuita nekutakura encryption akaonekwa. Zviri pamutemo: TLS 1.3 yakagadzirira kugadzirwa.
Nekudaro, pachine dambudziko rakabatana nekuvandudzwa kwechizvarwa chinotevera protocol. Dambudziko nderekuti kufambira mberi kweprotocol muIETF kunowanzoenderana nekutsvagisa kwedzidzo, uye mamiriro ekutsvagisa kwedzidzo mundima yekuderedza kuparadzirwa kwekuramba-sevhisi kurwiswa kwakashata.
Saka, muenzaniso wakanaka ungave
Iyo yekupedzisira, kutaura zvazviri, isingawanzo kuwanikwa munzvimbo dzemabhizinesi chaiwo (uye inongoshanda zvishoma kune ISPs), uye chero zvazvingaite hazvigone kuve "nyaya yakajairwa" munyika chaiyo - asi inogara ichionekwa muzvinyorwa zvesainzi, kazhinji isingatsigirwi. nekuyedza iyo yese spectrum yekugona DDoS kurwiswa, kusanganisira application level kurwiswa. Iyo yekupedzisira, nekuda kweinenge kutumirwa kwepasirese kweTLS, zviri pachena kuti haigone kuwonekwa nekuyerwa kusingaite kwetiweki mapaketi uye kuyerera.
Saizvozvo, isu hatisati taziva kuti DDoS yekudzikisa hardware vatengesi vanozoenderana sei nezviri kuitika zveTLS 1.3. Nekuda kwekuoma kwehunyanzvi hwekutsigira kunze-kwe-bhendi protocol, kukwidziridzwa kunogona kutora nguva.
Kuisa zvibodzwa zvakanaka zvekutungamira kutsvagisa idambudziko rakakura kune DDoS yekudzikisa masevhisi vanopa. Imwe nzvimbo iyo budiriro inogona kutanga ndeye
Source: www.habr.com