From HTTP to HTTPS: Understanding TLS, SSL and Encrypted Communication in Mylinking™ Network Packet Brokers

Security is no longer optional; it is a required course for everyone who works with Internet technology. HTTP, HTTPS, SSL, TLS - do you really understand what is going on behind the scenes? In this article we explain the core logic of modern encrypted communication protocols in both plain and professional terms, and help you understand the secrets "behind the lock" with a visual flow chart.

Why is HTTP "insecure"? --- Introduction

Remember that familiar warning?

Your connection is not secure

"Your connection is not private."
When a website does not use HTTPS, all user information crosses the network in plaintext. Login passwords, bank card numbers and even private conversations can be captured by a well-positioned hacker. The root cause is that HTTP has no encryption.

So how do HTTPS and the "gatekeeper" behind it, TLS, allow data to travel securely across the Internet? Let's break it down layer by layer.

HTTPS = HTTP + TLS/SSL --- Structure and Core Concepts

1. What is HTTPS, fundamentally?

HTTPS (HyperText Transfer Protocol Secure) = HTTP + encryption layer (TLS/SSL)
○ HTTP: Responsible for carrying the data, but the content is visible in plaintext.
○ TLS/SSL: Provides an "encryption lock" for HTTP communication, turning the data into a puzzle that only the legitimate sender and receiver can solve.

Figure 1: HTTP vs. HTTPS data flow.

The "lock" in the browser address bar is the TLS/SSL security flag.

2. What is the relationship between TLS and SSL?

○ SSL (Secure Sockets Layer): The earliest cryptographic protocol, which was found to have serious vulnerabilities.

○ TLS (Transport Layer Security): The successor to SSL. TLS 1.2 and the more advanced TLS 1.3 offer major improvements in security and performance.
These days, "SSL certificates" are simply used with the TLS protocol; the name has just carried over.

Deep Dive into TLS: The Cryptographic Magic Behind HTTPS

1. The handshake flow, fully explained

The foundation of secure TLS communication is the handshake dance performed at connection setup. Let's break down the standard TLS handshake flow:

Figure 2: A typical TLS handshake flow.

1️⃣ TCP connection setup

The client (for example, a browser) opens a TCP connection to the server (standard port 443).

2️⃣ TLS handshake phase

○ Client Hello: The browser sends the TLS version, the cipher suites and a random number, along with Server Name Indication (SNI), which tells the server which host name it wants to reach (this allows several sites to share one IP address).

○ Server Hello & certificate issue: The server selects an appropriate TLS version and cipher, then sends its certificate (with its public key) and its own random number.

○ Certificate validation: The browser verifies the server's certificate chain all the way up to a trusted root CA to make sure it has not been forged.

○ Premaster key generation: The browser generates a premaster key, encrypts it with the server's public key and sends it to the server.

○ Session key negotiation: Using both parties' random numbers and the premaster key, the client and the server compute the same symmetric session key.

○ Handshake completion: Both parties send each other a "Finished" message and enter the encrypted data transmission phase.

3️⃣ Secure data transfer

All service data is symmetrically encrypted with the negotiated session key; even if it is intercepted in transit, it is just a pile of "garbled code".

4️⃣ Session resumption

TLS also supports session resumption, which can greatly improve performance by letting the same client skip the tedious handshake.

Asymmetric encryption (such as RSA) is secure but slow. Symmetric encryption is fast, but distributing the key is difficult. TLS uses a "two-step" strategy: first an asymmetric, secure key exchange, then a symmetric scheme to encrypt the data efficiently.
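The session key computation from the handshake steps above, written out as an added example (not code from the original article): it follows the TLS 1.2 PRF from RFC 5246 and assumes an AES-128-GCM cipher suite. All random values are constructed in the script, and the RSA encryption of the premaster key is omitted.

```python
import hashlib
import hmac
import secrets

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5: HMAC-SHA256 expanded to `length` bytes."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def master_secret(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """48-byte master secret: PRF(premaster, "master secret", client || server random)."""
    return p_sha256(premaster, b"master secret" + client_random + server_random, 48)

def session_keys(master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Key block for an AES-128-GCM suite: two 16-byte keys and two 4-byte IV salts."""
    block = p_sha256(master, b"key expansion" + server_random + client_random, 40)
    return {
        "client_write_key": block[0:16],
        "server_write_key": block[16:32],
        "client_write_iv": block[32:36],
        "server_write_iv": block[36:40],
    }

def simulate_handshake():
    """Constructed values standing in for the Client Hello / Server Hello exchange."""
    client_random = secrets.token_bytes(32)    # sent in the clear in Client Hello
    server_random = secrets.token_bytes(32)    # sent in the clear in Server Hello
    # RSA key transport: 2-byte client version (TLS 1.2 = 0x0303) + 46 random bytes,
    # encrypted to the server's public key on the wire (encryption omitted here).
    premaster = b"\x03\x03" + secrets.token_bytes(46)
    client_view = session_keys(master_secret(premaster, client_random, server_random),
                               client_random, server_random)
    server_view = session_keys(master_secret(premaster, client_random, server_random),
                               client_random, server_random)
    # An eavesdropper sees both randoms but not the premaster, so a guess fails.
    guess = session_keys(master_secret(bytes(48), client_random, server_random),
                         client_random, server_random)
    return client_view, server_view, guess
```

Client and server never send the session keys themselves; each side derives them locally from the three shared inputs.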

2. Algorithm evolution and security improvements

RSA and Diffie-Hellman

○ RSA
First used during the TLS handshake to distribute the session key securely. The client generates a session key, encrypts it with the server's public key and sends it, so that only the server can decrypt it.

○ Diffie-Hellman (DH/ECDH)
Since TLS 1.3, RSA is no longer used for key exchange, in favor of the more secure DH/ECDH algorithms, which support forward secrecy (PFS). Even if the private key is leaked, historical data cannot be decrypted.

TLS version | Key exchange algorithm | Security
TLS 1.2 | RSA / DH / ECDH | High
TLS 1.3 | DH / ECDH only | Higher

Practical advice that networking practitioners must know

○ Prioritize upgrading to TLS 1.3 for faster and more secure handshakes.
○ Enable strong ciphers (AES-GCM, ChaCha20, etc.) and disable weak algorithms and insecure protocols (SSLv3, TLS 1.0);
○ Configure HSTS, OCSP Stapling, etc. to improve overall HTTPS protection;
○ Regularly update and review the certificate chain to ensure the validity and integrity of the chain of trust.
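One way to turn this checklist into a repeatable check, as an added example (not code from the original article): a client context that enforces a protocol floor using Python's standard `ssl` module, plus an audit of one negotiated connection. The function names and finding messages are hypothetical; the version and cipher strings are the kind returned by `SSLSocket.version()` and `SSLSocket.cipher()[0]`.

```python
import ssl

def hardened_client_context(tls13_only: bool = False) -> ssl.SSLContext:
    """Client context that verifies the chain and host name and sets a protocol floor."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = (ssl.TLSVersion.TLSv1_3 if tls13_only
                           else ssl.TLSVersion.TLSv1_2)
    return ctx

def hsts_max_age(headers: dict):
    """Return max-age from Strict-Transport-Security, or None if absent or malformed."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), "")
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name.lower() == "max-age" and val.strip('"').isdigit():
            return int(val.strip('"'))
    return None

def audit(version: str, cipher: str, headers: dict) -> list:
    """Compare one negotiated connection against the checklist above."""
    findings = []
    if version not in ("TLSv1.2", "TLSv1.3"):
        findings.append(f"insecure protocol {version}: disable it")
    elif version == "TLSv1.2":
        findings.append("TLS 1.2 negotiated: prefer TLS 1.3")
        if not cipher.startswith(("ECDHE-", "DHE-")):
            findings.append("no forward secrecy: RSA key exchange")
    if not any(tag in cipher for tag in ("GCM", "CHACHA20")):
        findings.append(f"weak cipher {cipher}")
    if not hsts_max_age(headers):
        findings.append("HSTS missing or max-age=0")
    return findings
```

OCSP stapling and certificate chain review are not covered by this check and need their own monitoring.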

Conclusion & Thoughts: Is your business really secure?

From plaintext HTTP to fully encrypted HTTPS, security requirements have evolved behind every protocol upgrade. As the cornerstone of encrypted communication in modern networks, TLS keeps improving itself to cope with an increasingly complex attack environment.

Has your business already adopted HTTPS? Does your crypto configuration follow industry best practices?


Post time: Jul-22-2025