Let's Encrypt, a non-profit certificate authority that is controlled by the community and provides certificates free of charge to everyone, has announced the early revocation of almost two million TLS certificates, about 1% of all active certificates of this certificate authority. The revocation was initiated after a non-compliance with the specification requirements was identified in the code Let's Encrypt uses to implement the TLS-ALPN-01 extension (RFC 7301, Application-Layer Protocol Negotiation). The discrepancy was caused by the absence of certain checks performed during connection negotiation based on the ALPN TLS extension used in HTTP/2. Detailed information about the incident will be published after the revocation of the problematic certificates is complete.
On January 26 at 03:48 (MSK) the problem was fixed, but it was decided to invalidate all certificates issued using the TLS-ALPN-01 validation method. Revocation of the certificates will begin on January 28 at 19:00 (MSK). Until then, users who use the TLS-ALPN-01 validation method are advised to renew their certificates; otherwise the certificates will be invalidated early.
Notifications about the need to renew certificates have been sent by email. Users who obtain certificates with Certbot and dehydrated in their default configurations are not affected by the problem. The TLS-ALPN-01 method is supported in the Caddy, Traefik, Apache mod_md and autocert packages. You can check the validity of your certificates by searching for identifiers, serial numbers or domains in the list of problematic certificates.
Since the changes affect behaviour during validation with the TLS-ALPN-01 method, updating the ACME client or changing its settings (Caddy, bitnami/bn-cert, autocert, apache mod_md, Traefik) may be required to keep working. The changes include the use of TLS versions not lower than 1.2 (clients will no longer be able to use TLS 1.1) and the discontinuation of OID 1.3.6.1.5.5.7.1.30.1, which identifies the obsolete acmeIdentifier extension that was supported only in earlier drafts of the RFC 8737 specification (when generating a certificate, only OID 1.3.6.1.5.5.7.1.31 is now allowed, and clients using OID 1.3.6.1.5.5.7.1.30.1 will not be able to obtain a certificate).
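The two rules described above can be checked against a client's challenge certificate before it is pointed at the CA. The following Go sketch is an added example, not code from Let's Encrypt or from any of the ACME clients named in the article; `buildChallengeCert`, `checkChallenge`, the domain `example.test` and the key authorization string are hypothetical, and the check covers only the TLS version and OID rules from the article, not full RFC 8737 validation.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
)

var oidCurrent = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 31}   // acmeIdentifier, RFC 8737
var oidLegacy = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 30, 1} // draft-era OID, now refused

// buildChallengeCert returns a constructed self-signed challenge cert (DER) with acmeIdentifier under oid.
func buildChallengeCert(domain, keyAuth string, oid asn1.ObjectIdentifier) ([]byte, error) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // throwaway all-zero sample key
	sum := sha256.Sum256([]byte(keyAuth))
	val, _ := asn1.Marshal(sum[:]) // OCTET STRING; cannot fail for a byte slice
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{domain},
		ExtraExtensions: []pkix.Extension{{Id: oid, Critical: true, Value: val}}}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, priv.Public(), priv)
}

// checkChallenge applies the TLS version and OID rules to what a validator would observe.
func checkChallenge(der []byte, tlsVersion uint16) error {
	if tlsVersion < tls.VersionTLS12 {
		return fmt.Errorf("handshake below TLS 1.2 (0x%04x)", tlsVersion)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(oidLegacy) {
			return fmt.Errorf("obsolete acmeIdentifier OID 1.3.6.1.5.5.7.1.30.1")
		} else if ext.Id.Equal(oidCurrent) {
			return nil
		}
	}
	return fmt.Errorf("no acmeIdentifier extension in certificate")
}

func main() {
	der, _ := buildChallengeCert("example.test", "constructed-key-authorization", oidLegacy)
	fmt.Println(checkChallenge(der, tls.VersionTLS12))
}
```

In a live check, the certificate and version would come from the `tls.ConnectionState` of a handshake that offers the `acme-tls/1` ALPN protocol to the client's own listener.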
Source: opennet.ru
