GitHub yafunga kumisa rutsigiro rweTLS 1.0 uye 1.1 muNPM package repository uye ese masaiti ane hukama neNPM package maneja, kusanganisira npmjs.com. Kutanga Gumiguru 4, kubatana kune repository, kusanganisira kuisa mapakeji, zvinoda mutengi anotsigira kanenge TLS 1.2. PaGitHub pachayo, tsigiro yeTLS 1.0/1.1 yakamiswa kumashure muna Kukadzi 2018. Chinangwa chinonzi ndechekuchengetedza kuchengetedzwa kwemasevhisi ayo uye kuvanzika kwe data yemushandisi. Sekureva kweGitHub, ingangoita 99% yezvikumbiro kuNPM repository yakatoitwa uchishandisa TLS 1.2 kana 1.3, uye Node.js yakabatanidza rutsigiro rweTLS 1.2 kubvira 2013 (kubva pakuburitswa 0.10), saka shanduko inongokanganisa chikamu chidiki che vashandisi.
Ngatiyeukei kuti TLS 1.0 uye 1.1 maprotocol akaiswa zviri pamutemo sematekinoroji echinyakare neIETF (Internet Engineering Task Force). Iyo TLS 1.0 yakatarwa yakaburitswa muna Ndira 1999. Makore manomwe gare gare, iyo TLS 1.1 yekuvandudza yakaburitswa nekuvandudzwa kwekuchengetedza zvine chekuita nechizvarwa chekutanga mavheji uye padding. Pakati pematambudziko makuru eTLS 1.0/1.1 kushaikwa kwerutsigiro rwemaciphers emazuva ano (semuenzaniso, ECDHE neAEAD) uye kuvapo mukutsanangurwa kwechinodikanwa chekutsigira ciphers yekare, kuvimbika kwayo kunobvunzwa panguva ino ye kuvandudza tekinoroji yekombuta (semuenzaniso, rutsigiro rweTLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA runodiwa kuti utarise kutendeseka uye kutendeseka kunoshandisa MD5 neSHA-1). Tsigiro yealgorithms echinyakare yakatotungamira mukurwiswa seROBOT, DROWN, BEAST, Logjam uye FREAK. Nekudaro, matambudziko aya haana kutariswa zvakananga kukanganiswa kweprotocol uye akagadziriswa pamwero wekuita kwayo. Iyo TLS 1.0 / 1.1 maprotocol pachawo anoshaya hutete hwakanyanya hunogona kushandiswa kuita kurwisa kunoshanda.
Source: opennet.ru