ProHoster > blog > Utawala > HTTPS sio salama kila wakati kama inavyoonekana. Athari zilizopatikana katika 5,5% ya tovuti za HTTPS

HTTPS sio salama kila wakati kama inavyoonekana. Athari zilizopatikana katika 5,5% ya tovuti za HTTPS

HTTPS sio salama kila wakati kama inavyoonekana. Athari zilizopatikana katika 5,5% ya tovuti za HTTPS
Moja ya tovuti za juu za Alexa (mduara wa kati), zilizolindwa na HTTPS, zilizo na vikoa vidogo (kijivu) na utegemezi (nyeupe), kati ya hizo kuna hatari (kivuli kilichopigwa)

Siku hizi, ikoni ya muunganisho salama wa HTTPS imekuwa kiwango na hata sifa muhimu ya tovuti yoyote mbaya. Kama cheti inakosekana, karibu vivinjari vyote vya hivi karibuni vinaonyesha onyo kwamba muunganisho kwenye tovuti "si salama" na usipendekeze kuhamisha habari za siri kwake.

Lakini zinageuka kuwa kuwepo kwa "lock" katika bar ya anwani sio daima kuhakikisha ulinzi. Kuangalia tovuti 10 zinazoongoza kutoka kwa ukadiriaji, Alexa ilionyesha kuwa nyingi ziko chini ya udhaifu mkubwa katika itifaki za SSL / TLS, kwa kawaida kupitia vikoa vidogo au utegemezi. Kulingana na waandishi wa utafiti, utata wa matumizi ya kisasa ya mtandao huongeza sana uso wa mashambulizi.

Matokeo ya utafiti

Utafiti huo ulifanywa na wataalamu kutoka Chuo Kikuu cha Venice Ca' Foscari (Italia) na Chuo Kikuu cha Ufundi cha Vienna. Watawasilisha ripoti ya kina katika Kongamano la 40 la IEEE kuhusu Usalama na Faragha, litakalofanyika Mei 20-22, 2019 huko San Francisco.

Orodha 10 bora za tovuti za HTTPS za Alexa na wapangishi 000 zinazohusiana zilijaribiwa. Mipangilio ya kriptografia hatarishi iligunduliwa kwa wapangishi 90, ambayo ni, takriban 816% ya jumla:

  • 4818 walio hatarini kwa MITM
  • 733 wako katika hatari ya usimbuaji kamili wa TLS
  • 912 wako katika hatari ya kusimbua kwa sehemu ya TLS

Tovuti 898 ziko wazi kabisa kwa udukuzi, yaani, zinaruhusu kudungwa kwa hati za watu wengine, na tovuti 977 hupakia maudhui kutoka kwa kurasa zilizolindwa vibaya ambazo mshambulizi anaweza kuingiliana nazo.

Watafiti wanasisitiza kuwa kati ya rasilimali 898 "zilizoathirika kabisa" ni maduka ya mtandaoni, huduma za kifedha na tovuti nyingine kubwa. Tovuti 660 kati ya 898 hupakua hati za nje kutoka kwa wapangishi walio katika mazingira magumu: hiki ndicho chanzo kikuu cha hatari. Kulingana na waandishi, ugumu wa matumizi ya kisasa ya wavuti huongeza sana uso wa shambulio.

Matatizo mengine pia yalipatikana: 10% ya fomu za uidhinishaji zina matatizo na uwasilishaji salama wa taarifa, ambayo inatishia kuvuja manenosiri, tovuti 412 huruhusu kutekwa kwa vidakuzi na utekaji nyara wa kipindi, na tovuti 543 zinakabiliwa na mashambulizi ya uadilifu wa vidakuzi (kupitia vikoa vidogo) .

Shida ni kwamba katika miaka ya hivi karibuni katika itifaki na programu za SSL / TLS kubaini udhaifu kadhaa: POODLE (CVE-2014-3566), BEAST (CVE-2011-3389), UHALIFU (CVE-2012-4929), BREACH (CVE-2013-3587), na Heartbleed (CVE-2014-0160). Ili kulinda dhidi yao, idadi ya mipangilio inahitajika kwenye seva na upande wa mteja ili kuepuka kutumia matoleo ya zamani yaliyo hatarini. Lakini huu ni utaratibu usio wa kawaida, kwa sababu mipangilio kama hiyo inahusisha kuchagua kutoka kwa seti kubwa ya ciphers na itifaki, ambayo ni vigumu kuelewa. Sio wazi kila wakati ni suti na itifaki za cipher zinazochukuliwa kuwa "salama vya kutosha".

Mipangilio iliyopendekezwa

Hakuna orodha iliyoidhinishwa rasmi na iliyokubaliwa ya mipangilio ya HTTPS inayopendekezwa. Kwa hiyo, Jenereta ya Usanidi ya Mozilla SSL inatoa chaguzi kadhaa za usanidi, kulingana na kiwango kinachohitajika cha ulinzi. Kwa mfano, hapa kuna mipangilio inayopendekezwa ya seva ya nginx 1.14.0:

Hali ya kisasa

Wateja wa zamani zaidi wanaoungwa mkono: Firefox 27, Chrome 30, IE 11 kwenye Windows 7, Edge, Opera 17, Safari 9, Android 5.0, na Java 8

server {
listen 80 default_server;
listen [::]:80 default_server;

# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;

# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;


# modern configuration. tweak to your needs.
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;

# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;

# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;

## verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

resolver <IP DNS resolver>;

....
}

Usaidizi wa kati

Wateja wa zamani zaidi wanaoungwa mkono: Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3, Java 7

server {
listen 80 default_server;
listen [::]:80 default_server;

# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;

# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;

# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /path/to/dhparam.pem;

# intermediate configuration. tweak to your needs.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;

# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;

# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;

## verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

resolver <IP DNS resolver>;

....
}

Msaada wa zamani

Wateja wa zamani zaidi wanaoungwa mkono: Windows XP IE6, Java 6

server {
listen 80 default_server;
listen [::]:80 default_server;

# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;

# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;

# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /path/to/dhparam.pem;

# old configuration. tweak to your needs.
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP';
ssl_prefer_server_ciphers on;

# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;

# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;

## verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

resolver <IP DNS resolver>;

....
}

Inapendekezwa kuwa kila wakati utumie suti kamili ya cipher na toleo jipya zaidi la OpenSSL. Suti ya cipher katika mipangilio ya seva inabainisha kipaumbele ambacho zitatumika, kulingana na mipangilio ya mteja.

Utafiti unaonyesha kuwa haitoshi tu kusakinisha cheti cha HTTPS. "Ingawa hatushughulikii vidakuzi kama tulivyofanya mwaka wa 2005, na 'TLS yenye heshima' imekuwa jambo la kawaida, inatokea kwamba mambo haya ya msingi hayatoshi kupata idadi kubwa ya tovuti maarufu sana," wanasema waandishi wa kazi hiyo. Ili kulinda chaneli kwa uaminifu kati ya seva na mteja, unahitaji kufuatilia kwa uangalifu miundombinu kutoka kwa vikoa vyako mwenyewe na wapangishi wengine ambao maudhui ya tovuti hutolewa. Labda ni mantiki kuagiza ukaguzi kutoka kwa kampuni ya wahusika wengine ambayo ina utaalam wa usalama wa habari.

HTTPS sio salama kila wakati kama inavyoonekana. Athari zilizopatikana katika 5,5% ya tovuti za HTTPS

Chanzo: mapenzi.com