Let's Encrypt revokes 2 million certificates because of problems in its TLS-ALPN-01 implementation

Let's Encrypt, a non-profit certificate authority that is controlled by the community and provides certificates free of charge to everyone, has announced the early revocation of approximately two million TLS certificates, about 1% of all active certificates of this certificate authority. The revocation was initiated after non-compliance with specification requirements was identified in the code Let's Encrypt uses to implement TLS-ALPN-01 validation, which builds on the ALPN TLS extension (RFC 7301, Application-Layer Protocol Negotiation). The discrepancy was due to the absence of some checks performed during the connection negotiation process based on the ALPN TLS extension used in HTTP/2. Further details about the incident will be published after the problematic certificates have been revoked.

The problem was fixed on January 26 at 03:48 (MSK), but it was decided to invalidate all certificates that had been issued using the TLS-ALPN-01 validation method. Revocation of the certificates will begin on January 28 at 19:00 (MSK). Before that time, users of the TLS-ALPN-01 validation method are advised to renew their certificates; otherwise the certificates will be invalidated ahead of schedule.

Notifications about the need to renew certificates are being sent by email. Users who obtain certificates with Certbot or dehydrated are not affected by the issue when using the default settings. The TLS-ALPN-01 method is supported in the Caddy, Traefik, apache mod_md and autocert packages. You can check whether your certificates are affected by searching for identifiers, serial numbers or domains in the list of problematic certificates.

Because the changes affect behaviour during validation with the TLS-ALPN-01 method, updating the ACME client or changing its settings (Caddy, bitnami/bn-cert, autocert, apache mod_md, Traefik) may be required for it to keep working. The changes include a requirement to use TLS versions no lower than 1.2 (clients will no longer be able to use TLS 1.1) and the retirement of OID 1.3.6.1.5.5.7.1.30.1, which identifies the obsolete acmeIdentifier extension that was supported only in earlier drafts of the RFC 8737 specification (when generating a certificate, only OID 1.3.6.1.5.5.7.1.31 is now allowed, and clients that use OID 1.3.6.1.5.5.7.1.30.1 will not be able to obtain a certificate).
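To see whether your own TLS-ALPN-01 responder would pass the two changes described above, you can inspect the handshake it produces. The following Go program is an added example, not code from Let's Encrypt or from any of the clients named here; `CheckChallenge` and `SampleState` are hypothetical names, and the sample handshake states are constructed in memory.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

var oidCurrent = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 31}     // only OID now accepted
var oidObsolete = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 30, 1} // draft-era acmeIdentifier

// CheckChallenge lists the reasons a TLS-ALPN-01 responder's handshake would
// be rejected under the two changes described above; an empty result means none.
func CheckChallenge(cs tls.ConnectionState) (problems []string) {
	if cs.Version < tls.VersionTLS12 {
		problems = append(problems, "TLS version below 1.2")
	}
	if len(cs.PeerCertificates) == 0 {
		return append(problems, "no challenge certificate presented")
	}
	found := false
	for _, ext := range cs.PeerCertificates[0].Extensions {
		if ext.Id.Equal(oidObsolete) {
			problems = append(problems, "obsolete OID 1.3.6.1.5.5.7.1.30.1")
		}
		found = found || ext.Id.Equal(oidCurrent)
	}
	if !found {
		problems = append(problems, "missing OID 1.3.6.1.5.5.7.1.31")
	}
	return problems
}

// SampleState is a hypothetical helper that builds a constructed handshake
// result in memory; against a real responder, pass conn.ConnectionState().
func SampleState(version uint16, oid asn1.ObjectIdentifier) tls.ConnectionState {
	cert := &x509.Certificate{Extensions: []pkix.Extension{{Id: oid, Critical: true}}}
	return tls.ConnectionState{Version: version, PeerCertificates: []*x509.Certificate{cert}}
}

func main() {
	fmt.Println(CheckChallenge(SampleState(tls.VersionTLS11, oidObsolete)))
	fmt.Println(CheckChallenge(SampleState(tls.VersionTLS12, oidCurrent)))
}
```

An empty result only means these two conditions are met; it does not repeat the rest of the validation the certificate authority performs.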

Source: opennet.ru
