I-ExpressVPN imemezele ukuqaliswa komthombo ovulekile we-Lightway protocol, eklanyelwe ukufeza izikhathi ezincane zokusetha uxhumano ngenkathi igcina izinga eliphezulu lokuphepha nokuthembeka. Ikhodi ibhalwe ngolimi C futhi isatshalaliswa ngaphansi kwelayisensi ye-GPLv2. Ukuqaliswa kuhlangene kakhulu futhi kufanelana nemigqa yekhodi eyizinkulungwane ezimbili. Kumenyezelwe ukusekelwa kwe-Linux, Windows, macOS, iOS, Android platforms, routers (Asus, Netgear, Linksys) kanye neziphequluli. Umhlangano udinga ukusetshenziswa kwezinhlelo zokuhlanganisa ze-Earth and Ceedling. Ukuqaliswa kuhlanganiswe njengomtapo wolwazi ongawusebenzisa ukuhlanganisa iklayenti le-VPN nokusebenza kweseva ezinhlelweni zakho zokusebenza.
Ikhodi isebenzisa imisebenzi ye-cryptographic eyakhelwe ngaphambili, efakazelwe enikezwe ilabhulali ye-wolfSSL, esivele isetshenziswe kuzixazululo eziqinisekisiwe ze-FIPS 140-2. Kwimodi evamile, iphrothokholi isebenzisa i-UDP ekudluliseni idatha kanye ne-DTLS ukuze idale isiteshi sokuxhumana esibethelwe. Njengenketho yokuqinisekisa ukusebenza kumanethiwekhi e-UDP angathembekile noma anemikhawulo, iseva inikeza imodi yokusakaza enokwethenjelwa, kodwa ehamba kancane, evumela idatha ukuthi idluliselwe nge-TCP ne-TLSv1.3.
Ukuhlolwa okwenziwe yi-ExpressVPN kubonise ukuthi uma kuqhathaniswa nezivumelwano ezindala (i-ExpressVPN isekela i-L2TP/IPSec, i-OpenVPN, i-IKEv2, i-PPTP, i-WireGuard ne-SSTP, kodwa ayicacisi ukuthi yini ngempela eqhathaniswe), ukushintshela ku-Lightway kunciphise isikhathi sokusetha uxhumano ngokwesilinganiso izikhathi ezingu-2.5 (ngo ngaphezu kwesigamu sezimo lapho isiteshi sokuxhumana sidalwa ngaphansi kwesekhondi). Iphrothokholi entsha iphinde yenze ukuthi kube nokwenzeka ukunciphisa inani lokunqanyulwa kokuxhumeka ngama-40% kumanethiwekhi weselula angathembekile anezinkinga ngekhwalithi yokuxhumana.
Ukuthuthukiswa kokusetshenziswa kwereferensi yephrothokholi kuzokwenziwa ku-GitHub, nethuba lokuba abameleli bomphakathi babambe iqhaza ekuthuthukisweni (ukudlulisa izinguquko, kufanele usayine isivumelwano se-CLA sokudluliselwa kwamalungelo endawo kukhodi). Abanye abahlinzeki be-VPN nabo bayamenywa ukuthi basebenzisane, njengoba bengasebenzisa iphrothokholi ehlongozwayo ngaphandle kwemingcele.
Ukuvikeleka kokuqaliswa kwaqinisekiswa umphumela wocwaningomabhuku oluzimele olwenziwa yi-Cure53, eyake yahlola i-NTPsec, i-SecureDrop, i-Cryptocat, i-F-Droid ne-Dovecot. Ukuhlola kuhlanganisa ukuqinisekiswa kwamakhodi omthombo futhi kwafaka nokuhlola ukuze kutholakale ubungozi obungase bube khona (izinkinga ezihlobene ne-cryptography azizange zicatshangelwe). Ngokuvamile, ikhwalithi yekhodi ilinganiselwe njengephezulu, kodwa, nokho, ukuhlolwa kwembula ubungozi obuthathu obungase buholele ekwenqatshweni kwesevisi, kanye nokuba sengozini okukodwa okuvumela ukuthi iphrothokholi isetshenziswe njenge-amplifier yethrafikhi ngesikhathi sokuhlaselwa kwe-DDoS. Lezi zinkinga sezilungisiwe, futhi ukuphawula okwenziwe ekuthuthukiseni ikhodi kucatshangelwe. Ucwaningo luphinde lubheke ubungozi obaziwayo nezinkinga ezingxenyeni zezinkampani zangaphandle ezihilelekile, njenge-libdnet, WolfSSL, Unity, Libuv kanye ne-lua-crypt. Izinkinga zincane kakhulu, ngaphandle kwe-MITM kuWolfSSL (CVE-2021-3336).
Source: opennet.ru