From HTTP to HTTPS: Understanding TLS, SSL and Encrypted Communication in Mylinking™ Network Packet Brokers

Security is no longer optional; it is a required course for everyone who works with Internet technology. HTTP, HTTPS, SSL, TLS - do you really understand what is happening behind the scenes? In this article, we explain the core logic of modern encrypted communication protocols in plain but professional terms, and help you understand the secrets "behind the lock" with the aid of a flow chart.

Why is HTTP "insecure"? --- Introduction

Remember that familiar browser warning?

Your connection is not secure

"Your connection is not private."
When a website does not use HTTPS, all user information crosses the network in plaintext. Login passwords, bank card numbers, and even private conversations can all be captured by a well-positioned attacker. The root cause is that HTTP has no encryption mechanism.

So how do HTTPS, and the "gatekeeper" behind it, TLS, allow data to travel safely across the Internet? Let's break it down in the sections that follow.

HTTPS = HTTP + TLS/SSL --- Structure and Core Concepts

1. What exactly is HTTPS?

HTTPS (HyperText Transfer Protocol Secure) = HTTP + Encryption layer (TLS/SSL)
○ HTTP: Responsible for transporting the data, but its content is visible in plaintext.
○ TLS/SSL: Puts an "encryption lock" on HTTP communication, turning the data into a puzzle that only the legitimate sender and receiver can solve.


Figure 1: HTTP versus HTTPS data flow.

The "lock" in the browser's address bar is the TLS/SSL security indicator.

2. What is the relationship between TLS and SSL?

○ SSL (Secure Sockets Layer): The earliest cryptographic protocol, which has been found to have serious vulnerabilities.

○ TLS (Transport Layer Security): The successor to SSL. TLS 1.2 and the more advanced TLS 1.3 offer significant improvements in security and performance.
These days, "SSL certificates" are simply implementations of the TLS protocol under the older name.

Deep Dive into TLS: The Cryptographic Magic Behind HTTPS

1. The handshake flow, fully explained

The foundation of secure TLS communication is the handshake performed when the connection is set up. Let's walk through the standard TLS handshake flow:


Figure 2: A typical TLS handshake flow.

1️⃣ TCP Connection Setup

The client (for example, a browser) opens a TCP connection to the server (standard port 443).

2️⃣ TLS Handshake Phase

○ Client Hello: The browser sends its supported TLS version, ciphers, and a random number, along with Server Name Indication (SNI), which tells the server which hostname it wants to reach (this is what allows several sites to share one IP address).

○ Server Hello and certificate delivery: The server selects a suitable TLS version and cipher, then sends back its certificate (containing the public key) and its own random number.

○ Certificate validation: The browser verifies the server's certificate chain all the way up to a trusted root CA to make sure it has not been forged.

○ Premaster key generation: The browser generates a premaster key, encrypts it with the server's public key, and sends it to the server.

○ Session key negotiation: Using both parties' random numbers and the premaster key, the client and the server each compute the same symmetric session key.

○ Handshake completion: Both parties send each other a "Finished" message and enter the encrypted data transfer phase.

3️⃣ Secure Data Transfer

All application data is symmetrically encrypted, efficiently, with the negotiated session key; even if it is intercepted in transit, it is nothing more than "garbled code".

4️⃣ Session Reuse

TLS also supports session resumption, which can greatly improve performance by letting the same client skip the lengthy handshake.
Asymmetric encryption (such as RSA) is secure but slow. Symmetric encryption is fast, but distributing its key is difficult. TLS therefore uses a "two-step" strategy: first an asymmetric, secure key exchange, then symmetric encryption to protect the data efficiently.

2. Algorithm evolution and security improvements

RSA and Diffie-Hellman
○ RSA
RSA was first widely used during the TLS handshake to distribute session keys securely. The client generates a session key, encrypts it with the server's public key, and sends it, so that only the server can decrypt it.

○ Diffie-Hellman (DH/ECDH)
As of TLS 1.3, RSA is no longer used for key exchange; it gives way to the more secure DH/ECDH algorithms, which support forward secrecy (PFS). Even if the private key is leaked, historical data cannot be decrypted.

TLS version | Key exchange algorithm | Security
TLS 1.2 | RSA/DH/ECDH | High
TLS 1.3 | DH/ECDH only | Very high

Practical Advice Networking Practitioners Must Know

○ Prioritise upgrading to TLS 1.3 for faster and more secure encryption;
○ Use strong ciphers (AES-GCM, ChaCha20, etc.) and disable weak algorithms and insecure protocols (SSLv3, TLS 1.0);
○ Configure HSTS, OCSP Stapling, etc. to improve overall HTTPS protection;
○ Regularly update and review the certificate chain to ensure that the chain of trust is valid and intact.
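One way to apply the protocol and cipher items in this list with Python's standard `ssl` module, plus a check that flags suites lacking AES-GCM/ChaCha20 or an ephemeral DH exchange. This is an added example, not code from the original article; the function names, the sample legacy list and the HSTS `max-age` value are assumptions chosen for illustration, and OCSP stapling and certificate chain review are not covered.

```python
import ssl

# Example HSTS response header (one year, subdomains included); value is illustrative.
HSTS_HEADER = ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")

def hardened_server_context() -> ssl.SSLContext:
    """Server context that refuses SSLv3/TLS 1.0 and offers only strong suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2    # TLS 1.3 is negotiated when the peer supports it
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")  # governs TLS 1.2 suites; TLS 1.3 suites are AEAD already
    return ctx

def is_weak(suite: str) -> bool:
    """True if a suite (OpenSSL name) lacks AES-GCM/ChaCha20 or an ephemeral DH exchange."""
    aead = "GCM" in suite or "CHACHA20" in suite
    forward_secret = suite.startswith("TLS_") or "DHE" in suite  # TLS_ prefix = TLS 1.3 suite
    return not (aead and forward_secret)

def weak_suites(names) -> list:
    """Filter a list of suite names down to the ones that should be disabled."""
    return [n for n in names if is_weak(n)]

def enabled_suites(ctx: ssl.SSLContext) -> list:
    """Names of the suites a context will actually offer."""
    return [c["name"] for c in ctx.get_ciphers()]

if __name__ == "__main__":
    legacy = ["AES128-SHA", "DES-CBC3-SHA", "ECDHE-RSA-AES128-GCM-SHA256"]  # constructed sample
    print("weak in legacy list:", weak_suites(legacy))
    print("weak in hardened context:", weak_suites(enabled_suites(hardened_server_context())))
```

Before serving traffic the context still needs the site's certificate and key loaded with `load_cert_chain`, and the HSTS header has to be added to HTTPS responses by the web application or reverse proxy.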

Conclusion and Reflection: Is your business really secure?

From plaintext HTTP to fully encrypted HTTPS, security requirements have evolved with every protocol upgrade. As the cornerstone of encrypted communication in modern networks, TLS keeps improving to cope with an increasingly complex attack environment.

Does your business already use HTTPS? Does your crypto configuration follow industry best practices?


Post time: 22 July 2025