Ekuqaleni konyaka, kwingxelo malunga neengxaki ze-Intanethi kunye nokufikeleleka kwe-2018-2019 ukuba ukusasazeka kwe-TLS 1.3 akunakuphepheka. Kwixesha elidlulileyo, thina ngokwethu sasasaza inguqulelo 1.3 ye-Transport Layer Security protocol kwaye, emva kokuqokelela kunye nokuhlalutya idatha, ekugqibeleni sikulungele ukuthetha ngeempawu zolu tshintsho.
OoSihlalo beQela eliSebenzayo le-IETF TLS :
Ngamafutshane, i-TLS 1.3 kufuneka ibonelele ngesiseko se-Intanethi ekhuselekileyo nesebenzayo kule minyaka ingama-20 izayo.
Phuhliso yathatha iminyaka eyi-10. Thina kwiiLabhu zeQrator, kunye nalo lonke ishishini, silandele ngokusondeleyo inkqubo yokudala iprotocol ukusuka kwidrafti yokuqala. Ngeli xesha, bekuyimfuneko ukubhala iinguqulelo ezingama-28 ezilandelelanayo zoyilo ukuze ekugqibeleni ubone ukukhanya kweprotocol elungeleleneyo kwaye kulula ukuyihambisa ngo-2019. Inkxaso yemarike esebenzayo ye-TLS 1.3 sele ibonakala: ukuphunyezwa kweprotocol yokhuseleko eqinisekisiweyo nethembekileyo ihlangabezana neemfuno zamaxesha.
Ngokuka-Eric Rescorla (iFirefox CTO kunye nombhali yedwa we-TLS 1.3) :
"Oku kukutshintshwa okupheleleyo kwe-TLS 1.2, usebenzisa izitshixo kunye nezatifikethi ezifanayo, ngoko umxhasi kunye nomncedisi unokunxibelelana ngokuzenzekelayo nge-TLS 1.3 ukuba bobabini bayayixhasa," watsho. "Sele kukho inkxaso elungileyo kwinqanaba lethala leencwadi, kwaye iChrome kunye neFirefox yenza iTLS 1.3 ngokuzenzekelayo."
Ngokunxuseneyo, i-TLS iphelela kwiqela elisebenzayo le-IETF , ukubhengeza iinguqulelo ezindala ze-TLS (kungabandakanywanga kuphela i-TLS 1.2) eziphelelwe lixesha kwaye azisebenziseki. Ngokunokwenzeka, i-RFC yokugqibela iya kukhutshwa ngaphambi kokuphela kwehlobo. Lo ngomnye umqondiso kwishishini le-IT: ukuhlaziya i-encryption protocols akufuneki ukubambezeleka.
Uluhlu lwangoku lwe-TLS 1.3 yomiliselo luyafumaneka kwi-Github kuye nabani na okhangela elona thala leencwadi lifanelekileyo: . Kucacile ukuba ukwamkelwa kunye nenkxaso yeprotocol ehlaziyiweyo iya kuba-kwaye sele iqhubela phambili ngokukhawuleza. Ukuqonda indlela uguqulelo olusisiseko oluye lwaba ngayo kwihlabathi lanamhlanje kuye kwasasazeka ngokubanzi.
Yintoni etshintshileyo ukususela kwi-TLS 1.2?
Из :
“I-TLS 1.3 ilenza njani ilizwe libe yindawo engcono?
I-TLS 1.3 ibandakanya iingenelo ezithile zobugcisa-ezifana nenkqubo yokuxhawula izandla ngokulula ukuseka unxibelelwano olukhuselekileyo-kwaye ivumela abathengi ukuba baqalise ngokukhawuleza iiseshoni kunye neeseva. La manyathelo ajoliswe ekunciphiseni ukuseta unxibelelwano lwe-latency kunye nokungaphumeleli koxhulumaniso kwiikhonkco ezibuthathaka, ezihlala zisetyenziswa njengesizathu sokubonelela kuphela uqhagamshelwano lwe-HTTP olungafihlwanga.
Ngokubaluleke kakhulu, isusa inkxaso yelifa kunye nokungakhuselekanga koguqulelo oluntsonkothileyo kunye ne-hashing algorithms esavumelekileyo (nangona ingakhuthazwa) ukuba isetyenziswe kwiinguqulelo zangaphambili ze-TLS, kuquka i-SHA-1, MD5, DES, 3DES, kunye ne-AES-CBC. Ukongeza inkxaso yeesuite ze-cipher ezintsha. Olunye uphuculo lubandakanya izinto ezifihliweyo zokuxhawula isandla (umzekelo, utshintshiselwano ngolwazi lwesatifikethi lufihliwe ngoku) ukunciphisa inani leengcebiso kumntu onokuthi abe yi-traffic eavesdropper, kunye nokuphuculwa kokuthunyelwa kwemfihlo xa usebenzisa iindlela ezithile zotshintshiselwano olungundoqo ukuze unxibelelwano. ngawo onke amaxesha kufuneka ihlale ikhuselekile nokuba i-algorithms esetyenzisiweyo ukuyifihla ichaphazeleka kwixesha elizayo. "
Ukuphuhliswa kweeprothokholi zanamhlanje kunye neDDoS
Njengoko usenokuba sele ufunde, ngexesha lophuhliso lweprotocol , kwiqela elisebenzayo le-IETF TLS . Ngoku kucacile ukuba amashishini ngamanye (kubandakanywa namaziko emali) kuya kufuneka atshintshe indlela akhusela ngayo uthungelwano lwawo ukuze avumelane neprotocol ngoku eyakhelwe-ngaphakathi. .
Izizathu zokuba kutheni oku kungafunwa zibekiwe kuxwebhu, . Iphepha elinamaphepha angama-20 likhankanya imizekelo emininzi apho ishishini linokufuna ukuguqulela indlela entsonkothileyo ngaphandle kwe-band (engayivumeli iPFS) ukubeka iliso, ukuthotyelwa okanye umaleko wesicelo (L7) iinjongo zokukhusela iDDoS.
Ngelixa ngokuqinisekileyo singakulungelanga ukuqikelela iimfuno zolawulo, isicelo sethu sobunini bemveliso yokunciphisa i-DDoS (kubandakanya isisombululo ulwazi olunovakalelo kunye/okanye oluyimfihlo) lwenziwa ngo-2012 luthathela ingqalelo i-PFS, ngoko ke abathengi bethu kunye namaqabane abakhange bafune ukwenza naluphi na utshintsho kwiziseko zabo emva kokuhlaziya inguqulelo yeTLS kwicala leseva.
Kwakhona, ukususela ekuphunyezweni, akukho zingxaki ezinxulumene ne-encryption yokuthutha ziye zachongwa. Kusemthethweni: I-TLS 1.3 ilungele ukuveliswa.
Nangona kunjalo, kusekho ingxaki ehambelana nokuphuhliswa kwemigaqo yesizukulwana esilandelayo. Ingxaki kukuba inkqubela yeprothokholi kwi-IETF ixhomekeke kakhulu kuphando lwezemfundo, kwaye imeko yophando lwezifundo kwindawo yokunciphisa uhlaselo olusasazwayo lokukhanyela-inkonzo imbi.
Ngoko, umzekelo omhle uya kuba Uyilo lwe-IETF “lokuLawulwa kwe-QUIC,” inxalenye ye-QUIC protocol suite ezayo, ithi “iindlela zangoku zokubona nokunciphisa [uhlaselo lwe-DDoS] zibandakanya ukulinganisa okungenziwayo kusetyenziswa idatha yokuhamba kwenethiwekhi.”
Le yokugqibela, eneneni, inqabile kakhulu kwiindawo zeshishini lokwenyani (kwaye iyasebenza ngokuyinxenye kwii-ISPs), kwaye kuyo nayiphi na imeko ayinakwenzeka ukuba ibe "yimeko eqhelekileyo" kwihlabathi lokwenyani - kodwa ibonakala rhoqo kushicilelo lwezenzululwazi, aluxhaswanga rhoqo. ngokuvavanya yonke i-spectrum yokuhlaselwa kwe-DDoS enokwenzeka, kubandakanywa nokuhlaselwa kwenqanaba lesicelo. Eyokugqibela, ngenxa yobuncinci yokusasazwa kwe-TLS kwihlabathi liphela, ngokucacileyo ayinakubonwa ngomlinganiselo wokwenziwa kweepakethi zenethiwekhi kunye nokuhamba.
Ngokukwanjalo, okwangoku asiyazi ukuba abathengisi be-DDoS bokunciphisa izixhobo baya kuziqhelanisa njani neenyani ze-TLS 1.3. Ngenxa yobuchwephesha obuntsonkothileyo bokuxhasa iprotocol engaphandle kwebhendi, kunokuthatha ixesha ukuhlaziya.
Ukumisela iinjongo ezifanelekileyo zokukhokela uphando ngumngeni omkhulu kubanikezeli beenkonzo zokunciphisa i-DDoS. Enye indawo apho uphuhliso lunokuqala khona kwi-IRTF, apho abaphandi banokusebenzisana noshishino ukucokisa ulwazi lwabo loshishino olucela umngeni kwaye baphonononge iindlela ezintsha zophando. Samkela ngobubele bonke abaphandi, ukuba kukho nawuphi na - sinokuqhagamshelwana nemibuzo okanye iingcebiso ezinxulumene nophando lwe-DDoS okanye iqela lophando lwe-SMART ku.
umthombo: www.habr.com