NPM repository drops support for TLS 1.0 and 1.1

GitHub has decided to end support for TLS 1.0 and 1.1 in the NPM package repository and on all sites associated with the NPM package manager, including npmjs.com. Starting October 4, connecting to the repository, including installing packages, will require a client that supports at least TLS 1.2. On GitHub itself, support for TLS 1.0/1.1 was discontinued back in February 2018. The stated motive is concern for the security of its services and the confidentiality of user data. According to GitHub, about 99% of requests to the NPM repository are already made using TLS 1.2 or 1.3, and Node.js has included TLS 1.2 support since 2013 (since 0.10), so the change will affect only a small portion of users.

Recall that the TLS 1.0 and 1.1 protocols have been officially classified as obsolete technologies by the IETF (Internet Engineering Task Force). The TLS 1.0 specification was published in January 1999. Seven years later, the TLS 1.1 update was released with security improvements related to the generation of initialization vectors and padding. Among the main problems of TLS 1.0/1.1 are the lack of support for modern ciphers (for example, ECDHE and AEAD) and the presence in the specification of a requirement to support old ciphers whose reliability is questionable at the current stage of development of computing technology (for example, support for TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is required, and MD5 and SHA-1 are used for integrity checking and authentication). Support for outdated algorithms has already led to attacks such as ROBOT, DROWN, BEAST, Logjam and FREAK. However, these problems were not considered to be vulnerabilities of the protocol itself and were resolved at the level of its implementations. The TLS 1.0/1.1 protocols themselves have no critical vulnerabilities that can be exploited to carry out practical attacks.

Source: opennet.ru
