I-ExpressVPN ibhengeze ukuphunyezwa komthombo ovulekileyo we-Lightway protocol, eyenzelwe ukufikelela kumaxesha amancinci okuseta ngelixa igcina inqanaba eliphezulu lokhuseleko kunye nokuthembeka. Ikhowudi ibhalwe ngolwimi C kwaye isasazwe phantsi kwelayisensi ye-GPLv2. Ukuphunyezwa kuhambelana kakhulu kwaye kuhambelana nemigca engamawaka amabini ekhowudi. Inkxaso echazwe kwi-Linux, iWindows, i-macOS, i-iOS, iiplatifomu ze-Android, ii-routers (Asus, Netgear, Linksys) kunye neziphequluli. INdibano ifuna ukusetyenziswa kweenkqubo zendibano zasemhlabeni kunye neCeedling. Ukuphunyezwa kupakishwe njengethala leencwadi onokulisebenzisa ukudibanisa umxhasi weVPN kunye nokusebenza kweseva kwizicelo zakho.
Ikhowudi isebenzisa imisebenzi ye-cryptographic eyakhiwe kwangaphambili, eqinisekisiweyo ebonelelwe yilayibrari ye-wolfSSL, esele isetyenziswe kwi-FIPS 140-2 izisombululo eziqinisekisiweyo. Kwimodi eqhelekileyo, iprotocol isebenzisa i-UDP yokuhanjiswa kwedatha kunye ne-DTLS ukwenza umjelo wonxibelelwano ofihliweyo. Njengenketho yokuqinisekisa ukusebenza kwiinethiwekhi ze-UDP ezingathembekiyo okanye ezithintelweyo, umncedisi unikezela ngokuthembeka ngakumbi, kodwa okucothayo, imodi yokusakaza evumela ukuba idatha idluliselwe kwi-TCP kunye ne-TLSv1.3.
Iimvavanyo eziqhutywe yi-ExpressVPN zibonise ukuba xa kuthelekiswa neeprothokholi ezindala (i-ExpressVPN isekela i-L2TP / IPSec, i-OpenVPN, i-IKEv2, i-PPTP, i-WireGuard kunye ne-SSTP, kodwa ayicacisi ukuba yintoni kanye kanye eyayithelekiswa), ukutshintshela kwi-Lightway ukunciphisa ixesha lokuseta uxhulumaniso kumyinge wamaxesha e-2.5 (kwi- ngaphezu kwesiqingatha samatyala umjelo wonxibelelwano wenziwa ngaphantsi kwesibini). Iprotocol entsha yenza ukuba kube lula ukunciphisa inani lokuqhawula uxhulumaniso nge-40% kwiinethiwekhi zeselula ezingathembekiyo ezineengxaki ngomgangatho wonxibelelwano.
Ukuphuhliswa kwereferensi yokuphunyezwa kweprotocol kuya kwenziwa kwi-GitHub, kunye nethuba lokuba abameli boluntu bathathe inxaxheba kuphuhliso (ukudlulisa utshintsho, kufuneka usayine isivumelwano se-CLA malunga nokudluliselwa kwamalungelo epropati kwikhowudi). Abanye ababoneleli beVPN bayamenywa ukuba basebenzisane, njengoko banokusebenzisa iprotocol ecetywayo ngaphandle kwezithintelo.
Ukhuseleko lokuphunyezwa kwaqinisekiswa ngumphumo wophicotho oluzimeleyo olwenziwa yiCure53, eyathi yaphonononga i-NTPsec, SecureDrop, Cryptocat, F-Droid kunye neDovecot. Uphicotho-zincwadi lubandakanya uqinisekiso lweekhowudi zomthombo kwaye luquke neemvavanyo zokuchonga ubuthathaka obunokubakho (imiba enxulumene nokubhalwa ngokufihlakeleyo ayizange iqwalaselwe). Ngokuqhelekileyo, umgangatho wekhowudi ulinganiswe njengophezulu, kodwa, nangona kunjalo, uvavanyo luveze ubuthathaka obuthathu obunokubangela ukukhanyela inkonzo, kunye nobuthathaka obunye obuvumela ukuba iprotocol isetyenziswe njenge-amplifier ye-traffic ngexesha lokuhlaselwa kwe-DDoS. Ezi ngxaki sele zilungisiwe, kwaye izimvo ezenziwe ekuphuculeni ikhowudi ziye zaqwalaselwa. Uphicotho lukwajonge ubuthathaka obaziwayo kunye nemiba kumacandelo eqela lesithathu elibandakanyekayo, njenge-libdnet, WolfSSL, Unity, Libuv kunye ne-lua-crypt. Imiba ininzi encinci, ngaphandle kwe-MITM kwiWolfSSL (CVE-2021-3336).
umthombo: opennet.ru