Half of the sites
POODLE
First, about the attack
Its scheme goes like this: the hacker forces the client to connect over SSL 3.0 by simulating a connection break. It then looks at the encrypted
SSL 3.0 is an outdated protocol, but the question of its security is still relevant. Clients use it to avoid compatibility problems with servers. According to some data, almost 7% of the 100 thousand most popular sites
How to protect yourself. In the case of the original POODLE, SSL 3.0 support must be disabled. However, this carries a risk of compatibility problems. Another solution is the TLS_FALLBACK_SCSV mechanism: it ensures that data exchange over SSL 3.0 only takes place with genuinely old systems, so attackers can no longer initiate a protocol downgrade. The way to protect against Zombie POODLE and GOLDENDOODLE is to disable CBC support in TLS 1.2-based applications. The radical solution is to move to TLS 1.3: the new version of the protocol does not use CBC encryption at all. Instead, the stronger AES and ChaCha20 are used.
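The server-side TLS_FALLBACK_SCSV check described above, as an added example written for this page (it is not code from the article or from any TLS library): the ClientHello bodies are constructed inline, the suite 0x002F is TLS_RSA_WITH_AES_128_CBC_SHA, and the SCSV value and alert number are the ones defined in RFC 7507 and RFC 5246.

```python
import struct

# Real values: the SCSV from RFC 7507 and the inappropriate_fallback alert (RFC 5246 numbering).
TLS_FALLBACK_SCSV = 0x5600
ALERT_INAPPROPRIATE_FALLBACK = 86
NAMES = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}


def build_client_hello(version, cipher_suites):
    """Constructed ClientHello body (no record/handshake headers): just enough fields for the check."""
    body = bytes(version) + b"\x00" * 32                     # client_version + 32-byte random
    body += b"\x00"                                          # empty session_id
    suites = b"".join(struct.pack("!H", cs) for cs in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites          # cipher_suites<2..2^16-2>
    body += b"\x01\x00"                                      # one compression method: null
    return body


def parse_client_hello(body):
    """Return (client_version, [cipher suite ids]) from a ClientHello body."""
    version = (body[0], body[1])
    sid_len = body[34]
    pos = 35 + sid_len
    suites_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + suites_len, 2)]
    return version, suites


def select_version(server_max, hello_body):
    """Server-side version negotiation with the RFC 7507 fallback check.

    Returns ("ok", negotiated_version) or ("alert", ALERT_INAPPROPRIATE_FALLBACK).
    """
    client_version, suites = parse_client_hello(hello_body)
    if TLS_FALLBACK_SCSV in suites and client_version < server_max:
        # The client signals "this is a retry at a lower version", yet we support a higher
        # one: we never failed the original handshake, so something in the path forced the
        # downgrade (the POODLE precondition). Refuse instead of talking SSL 3.0.
        return ("alert", ALERT_INAPPROPRIATE_FALLBACK)
    return ("ok", min(client_version, server_max))


if __name__ == "__main__":
    forced = build_client_hello((3, 0), [0x002F, TLS_FALLBACK_SCSV])
    print("forced SSL 3.0 retry against a TLS 1.2 server:", select_version((3, 3), forced))
    genuine = build_client_hello((3, 0), [0x002F, TLS_FALLBACK_SCSV])
    print("same retry against a server that only has SSL 3.0:", select_version((3, 0), genuine))
```

A client that sends the SCSV only on its retry handshakes loses nothing against a real legacy server, which is why the page can describe the mechanism as compatibility-safe.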
BEAST
One of the first attacks on SSL and TLS 1.0, discovered in 2011. Like POODLE, BEAST
As of today, the BEAST vulnerability still exists
How to protect yourself. The attacker has to send requests to decrypt data regularly. In VMware
DROWN
This is a cross-protocol attack that exploits bugs in SSLv2 implementations with 40-bit RSA keys. The attacker listens to hundreds of the targeted TLS connections and sends specially crafted packets to an SSLv2 server that uses the same private key. Using
DROWN first became known in 2016; at that time
How to protect yourself. You need to install the patches recommended by the developers of cryptographic libraries that disable SSLv2 support. For example, two such patches were released for OpenSSL (in 2016
"A device may be vulnerable to DROWN if its keys are used by a third-party server over SSLv2, such as a mail server," notes Sergei Belkin, head of the development department at the IaaS provider 1cloud.ru. "This situation arises when many servers share the same SSL certificate. In that case, SSLv2 support must be disabled on all of the machines."
You can check whether your system needs updating using a special
Heartbleed
The biggest vulnerability in the software
The attack is carried out through the small Heartbeat TLS extension. The TLS protocol requires data to be transmitted continuously: if there is a long pause, a timeout occurs and the connection has to be re-established. To deal with this, servers and clients "make noise" on the channel (
The vulnerability was present in all versions of the library from 1.0.1 to 1.0.1f inclusive, as well as in a number of operating systems: Ubuntu up to 12.04.4, CentOS older than 6.5, OpenBSD 5.3 and others. There is a complete list
How to protect yourself. It is important
Certificate substitution
A node controlled by the attacker and holding a legitimate SSL certificate is placed between the user and the server and actively intercepts traffic. This node imitates the legitimate server by presenting a valid certificate, which makes a MITM attack possible.
According to
How to protect yourself. Use trusted services
Another way to protect yourself will be a new
Prospects for HTTPS
Despite the number of vulnerabilities, IT executives and information security experts are confident in the future of the protocol. A working implementation of HTTPS
It is also proposed to develop SSL/TLS technology using machine learning: intelligent algorithms will take over the filtering of malicious traffic. Over an HTTPS connection, administrators have no way of getting at the content of encrypted messages, including detecting requests to malware. Currently, neural networks can filter potentially dangerous packets with 90% accuracy (detected
Most attacks on HTTPS are not related to problems with the protocol itself, but to support for outdated encryption methods. The IT industry is gradually starting to abandon previous-generation protocols and to offer new tools for finding vulnerabilities. In the future, these tools will become even smarter.
Additional links on the topic:
Cloud development, information security and personal data: a digest from 1cloud
SSL digest: the most useful tools on Habré and more
VPN digest: introductory articles on Habré and more
Source: www.habr.com